KhiZaRix Posted March 25, 2015 Report Posted March 25, 2015 ######################################################################[+] Title: Script Question2Answer 1.7 - Stored XSS Vulnerability[+] Author: s0w[+] Tested On Windows & Linux[+] Date: 21/03/2015[+] Type: Web Application[+] Script Download: https://github.com/q2a/question2answer[+] Vendor Homepage: Question2Answer - Free Open Source Q&A Software for PHP[+] Vulnerability in:\qa-include\pages\question.php[+] Google Dork : intext:"Powered by Question2Answer"#######################################################################[+] As shown in the code, the value of 'title' and 'textbody' not filteredby 'htmlspecialcharts' which cause stored xss and same in data-store in webserver SQL commands.[+] Exploit : 1. Browse application in browser .. 2. Add new question with xss code like alert method 3. submit the new question to viewers .. 4. complete next steps as xss in tag,body,title,.. etc .. 5. Finally submit your Qes .. 6. Test your target in main page ./index.php .. 7. Use this in Cookies,alerts, Or TrafficBots Have Fun !![+] XSS Pattern can be used: '"<script>alert(/s0w/)</script>[+] Demo Video : Script Question2Answer - Stored XSS Vulnerability - YouTube[+] Demo Target : ???? ?????# Discovered By: s0w# Contact: fb.me/s0w.egy# Mail: s0wxp0c@gmail.com?#? Greetz? To Egyptian Shell team | Sec4ever ?#Source:http://dl.packetstormsecurity.net/1503-exploits/question2answer-xss.txt Quote
.thumb.jpg.29b1f7ae7dd9ad5a11e41a710722ba35.jpg)