Ora School Suite - Ultimate school management system v5.0 Stored XSS Injection

CVE Category Price Severity
CWE-79 Not specified High
Author: Not specified
Risk: High
Exploitation Type: Remote
Date: 2019-04-25
CPE: cpe:cpe:/a:ora:school_suite:ultimate_school_management_system:5.0
CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.02192
EPSSP: 0.50148

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2019040224

Below is a copy:

[*] :: Title: Ora School Suite - Ultimate school management system v5.0 Stored XSS Injection
[*] :: Author: QUIXSS
[*] :: Date: 2019-04-25
[*] :: Software: Ora School Suite - Ultimate school management system v5.0
  
[?] :: Technical Details & Description:
# Weak security measures, such as bad filtering of input field data, have been discovered in the Ora School Suite - Ultimate school management system. The current version of this web application is 5.0.

[?] :: Demo Website:
# https://codecanyon.net/item/schoex-ultimate-school-management-system/9797830
# Backend: http://demo.solutionsbricks.com/schoex/
# Login/Password (admin): admin/admin123

[!] :: Special Note:
# Author of this web-application was warned about bad security measures. Nothing has changed.

[!] :: For developers:
# Disabling any data changes on demo websites doesn't make your applications more secure. It's good for business and sales but you are simply double-crossing your clients.

[+] :: PoC [Links]:
# http://demo.solutionsbricks.com/schoex/

[+] :: PoC [Stored XSS Injection]:
# Authorize on the demo website for tests, then go to the http://demo.solutionsbricks.com/schoex/portal#/frontend/settings page, select the third tab Direitos autorais do rodapé (footer copyright settings) and use your payload in the Direitos autorais deixados field. Save the data and then you'll see that the XSS filter is not triggered and your payload is successfully injected.
# Sample payload: <img src="x" onerror="alert('QUIXSS');">
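
The flaw described above is a stored setting rendered into the page without output encoding. The following is an added example, not part of the original advisory and not the vendor's code: it shows the vulnerable rendering pattern beside an encoded one, plus a check for markup already saved in settings. All function and field names (`footerCopyright`, `renderFooterSafe`, `findSuspiciousSettings`) are hypothetical.

```javascript
// Added illustration; function and field names are hypothetical and are not
// taken from the Ora School Suite code base.

// Encode the characters that let text break out of an HTML text or attribute context.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: the stored setting is concatenated into markup as-is.
function renderFooterUnsafe(settings) {
  return '<footer>' + settings.footerCopyright + '</footer>';
}

// Hardened pattern: the stored setting is treated as text and encoded on output.
function renderFooterSafe(settings) {
  return '<footer>' + escapeHtml(settings.footerCopyright) + '</footer>';
}

// Audit helper for values already in the database: flag settings that contain
// tag-like markup, inline event-handler attributes or javascript: URLs so they
// can be reviewed and cleaned.
function findSuspiciousSettings(settings) {
  const patterns = [/<\s*[a-z!\/]/i, /\bon[a-z]+\s*=/i, /javascript\s*:/i];
  return Object.keys(settings).filter((key) =>
    patterns.some((re) => re.test(String(settings[key]))));
}

// Constructed sample rows: one benign value and the sample payload quoted in the advisory.
const storedSettings = {
  siteTitle: 'Example School',
  footerCopyright: '<img src="x" onerror="alert(\'QUIXSS\');">',
};

console.log(renderFooterUnsafe(storedSettings)); // markup reaches the page intact
console.log(renderFooterSafe(storedSettings));   // markup is rendered as inert text
console.log(findSuspiciousSettings(storedSettings));
```

Encoding on output is what neutralizes values that are already stored; the audit helper only locates them for cleanup and is not a substitute for it.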
