
Script Question2Answer 1.7 - Stored XSS Vulnerability

Author: s0w, Published: 23-03-2015
######################################################################
[+] Title: Script Question2Answer 1.7 - Stored XSS Vulnerability
[+] Author: s0w (Fb.com/s0w.egy)
[+] Date: 21/03/2015
[+] Type: Web Application
[+] Download: https://github.com/q2a/question2answer
[+] Home Page: http://www.question2answer.org
[+] Vulnerability in: \qa-include\pages\question.php
[+] Google Dork: intext:"Powered by Question2Answer"
######################################################################

[....]
Line 204:
        } else { // ...in view mode
            $qa_content['q_view']=qa_page_q_question_view($question, $parentquestion, $closepost, $usershtml, $formrequested);

            $qa_content['title']=$qa_content['q_view']['title'];
            $qa_content['description']=qa_html(qa_shorten_string_line(qa_viewer_text($question['content'], $question['format']), 150));

            $categorykeyword=@$categories[$question['categoryid']]['title'];

            $qa_content['keywords']=qa_html(implode(',', array_merge(
                (qa_using_categories() && strlen($categorykeyword)) ? array($categorykeyword) : array(),
                qa_tagstring_to_tags($question['tags'])
            ))); // as far as I know, META keywords have zero effect on search rankings or listings, but many people have asked for this
        }
[....]

[+] As shown in the code, the values of 'title' and 'textbody' are not filtered by htmlspecialchars(),
which causes stored XSS; the same unfiltered data is also stored through the web server's SQL commands.
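Added example (not Question2Answer's own code) of the output encoding this advisory says is missing: the probe string from this advisory is rendered once through an unescaped helper and once through htmlspecialchars() with ENT_QUOTES, for both a text-node and an attribute context. Function names are hypothetical.

```php
<?php
// Added example, not code from Question2Answer. Function names are hypothetical.

// The probe string quoted in this advisory, used here as a constructed input.
const PROBE = '\'"<script>alert(/s0w/)</script>';

// Vulnerable pattern: a user-controlled title is written into the HTML verbatim,
// so any markup it contains reaches the browser as markup.
function render_title_unsafe(string $title): string
{
    return '<h1>' . $title . '</h1>';
}

// Hardened pattern: encode for HTML. ENT_QUOTES is required so the same helper is
// also safe inside a quoted attribute; before PHP 8.1 the default flags of
// htmlspecialchars() did not encode single quotes. ENT_SUBSTITUTE keeps invalid
// UTF-8 from making the function return an empty string.
function html_encode(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_title_safe(string $title): string
{
    return '<h1>' . html_encode($title) . '</h1>';
}

// Attribute context, like the <meta name="description"> tag question.php builds from
// the question body: here the quote characters are what would break out of the value.
function render_description_safe(string $description): string
{
    return '<meta name="description" content="' . html_encode($description) . '">';
}

// A check that belongs in a unit test: the encoded user value must contain no
// character that can open a tag or close an attribute.
function contains_raw_markup(string $encoded_value): bool
{
    return strpbrk($encoded_value, '<>"\'') !== false;
}

echo render_title_unsafe(PROBE), PHP_EOL;        // the script tag is still live
echo render_title_safe(PROBE), PHP_EOL;          // entities only, inert in the browser
echo render_description_safe(PROBE), PHP_EOL;    // attribute value cannot be closed early
var_dump(contains_raw_markup(html_encode(PROBE)));
```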
[+] Exploit:
1. Browse the application in a browser.
2. Add a new question with XSS code such as an alert method ;)
3. Submit the new question to viewers.
4. Complete the next steps with XSS in the tags, body, title, etc.
5. Finally, submit your question.
6. Test your target on the main page ./index.php.
7. Use this in cookies, alerts, or traffic bots :D Have fun!!

[+] XSS pattern that can be used: '"<script>alert(/s0w/)</script>
[+] Demo Video: http://youtu.be/6qy9DXifNiw
[+] Demo Target: http://soualwjoab.com/

#Greetz to Egyptian Shell team & Sec4ever
