Exploit for CVE-2020-29257 — Reflected Cross-site scripting (XSS) vulnerability

# Exploit Title: Online Examination System 1.0 — Reflected Cross-Site Scripting
# Date: 21/Nov/2020
# Exploit Author: Asfiya Shaikh
# Vendor Homepage:
# Version: 1.0
# Tested on: Windows 7

Description — Cross-site scripting (XSS) vulnerability in Online Examination System 1.0 via the q parameter to feedback.php.
Affected Component — <<Vulnerable_Parameter>>
Payload — <script>alert(1)</script>

Impact — Reflected cross-site scripting is relatively complex to exploit, as the malicious payload has to be sent as part of a URL and the user has to be tricked into visiting that URL. However, it has the same impact as persistent XSS. XSS can be used to hijack the victim's session and thereby gain complete access to his/her user account. Additionally, it can be used to redirect the victim to a malicious website that may contain browser exploits or a phishing page.
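The advisory names the `q` parameter of `feedback.php` and the payload `<script>alert(1)</script>`, but shows no application code. The following is an added example, not the Online Examination System's own code, written in Python rather than the application's PHP: it models the unsafe reflection described above beside an output-encoded version, and adds a small detector that scans constructed access-log lines for script markup in the `q` parameter of `feedback.php`, decoding a second time so that a double-URL-encoded probe is not missed. The function names, the log format and the sample log lines are assumptions made for the example.

```python
import html
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# The payload quoted in the advisory, used here as test input.
PAYLOAD = "<script>alert(1)</script>"


def render_feedback_unsafe(query_string: str) -> str:
    """Model of the reported defect: the q parameter is echoed into the page
    with no output encoding. This is an assumption about feedback.php, whose
    source is not shown in the advisory."""
    q = parse_qs(query_string).get("q", [""])[0]
    return f"<p>Your query: {q}</p>"


def render_feedback_safe(query_string: str) -> str:
    """Hardened form: HTML-encode the untrusted value before placing it in an
    HTML text context. quote=True also escapes quotes, so the same encoding
    is safe inside a double-quoted attribute value."""
    q = parse_qs(query_string).get("q", [""])[0]
    return f"<p>Your query: {html.escape(q, quote=True)}</p>"


def is_reflected(page: str, payload: str) -> bool:
    """True when the payload survives verbatim, i.e. as live markup."""
    return payload in page


# Detection side. Combined-log-format request line: "GET /path?query HTTP/1.1" 200
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# Markup that has no business in a free-text search/feedback parameter.
SUSPICIOUS = re.compile(r"<\s*script|javascript:|on\w+\s*=", re.IGNORECASE)


def find_xss_probes(log_lines):
    """Return (path, decoded_q) for requests to feedback.php whose q value
    contains script markup after URL decoding. parse_qs decodes once; the
    extra unquote_plus catches double-encoded values such as %253Cscript."""
    hits = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if not parts.path.endswith("/feedback.php"):
            continue
        for value in parse_qs(parts.query).get("q", []):
            decoded = unquote_plus(value)
            if SUSPICIOUS.search(decoded):
                hits.append((parts.path, decoded))
    return hits


# Constructed sample log lines (addresses from the documentation range 203.0.113.0/24).
SAMPLE_LOG = [
    '203.0.113.5 - - [21/Nov/2020:10:00:01 +0000] "GET /feedback.php?q=exam+timetable HTTP/1.1" 200 512',
    '203.0.113.7 - - [21/Nov/2020:10:00:09 +0000] "GET /feedback.php?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 540',
    '203.0.113.7 - - [21/Nov/2020:10:00:12 +0000] "GET /feedback.php?q=%253Cscript%253Ealert(1)%253C%2Fscript%253E HTTP/1.1" 200 540',
    '203.0.113.9 - - [21/Nov/2020:10:01:00 +0000] "GET /index.php?q=%3Cscript%3E HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    qs = "q=%3Cscript%3Ealert(1)%3C/script%3E"
    print("unsafe reflects payload:", is_reflected(render_feedback_unsafe(qs), PAYLOAD))
    print("safe reflects payload:  ", is_reflected(render_feedback_safe(qs), PAYLOAD))
    for path, q in find_xss_probes(SAMPLE_LOG):
        print("probe against", path, "with q =", q)
```

The encoded version neutralises the payload because `<` and `>` become `&lt;` and `&gt;`, which the browser renders as text rather than as a tag; the fix belongs at the output point, not in an input filter. The detector deliberately ignores the fourth line, which targets a different script, and reports the double-encoded third line only because of the second decoding step.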

Reference —
