# Savsoft Quiz 5 – ‘User Account Settings’ XSS漏洞
# Exploit Title: Savsoft Quiz 5 - 'User Account Settings' Persistent Cross-Site Scripting # Date: 2021-05-04 # Exploit Author: strider # Software Link: https://github.com/savsofts/savsoftquiz_v5 # Vendor: https://savsoftquiz.com # Version: 5.0 # Tested on: Ubuntu 20.04 LTS / Kali Linux ====================================[Description]==================================== The vulnerability is found at the user settings page where the user can change his name and his login credentials. its possible to inject html/js into the fields which will be executed after pressing submit. ====================================[Proof of Concept]==================================== If you installed this software create a new user or you can use the default user shown in the install description test-link: login into an account step2) click on the top right on you account name and navigate to "My Account" step3) insert "> into the fields and hit submit boom!
© 版权声明