CVE-2020-26006

Nikhil kumar
May 24, 2021


# Exploit Author: Nikhil Kumar

# Vendor: Project Worlds Official

# Application Link: https://github.com/projectworldsofficial/online-examination-systen-in-php/archive/master.zip

# Version: 1.0

# CVE Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-26006

# CVE: CVE-2020-26006

What is XSS:

XSS stands for Cross-Site Scripting. In the stored (persistent) variant described here, an attacker injects malicious JavaScript through an input field and the application saves it in the target server's database, so the script is served back to every user who later views the affected page. Common impacts of XSS are theft of users' session cookies, defacement of the web application, and redirection of users to phishing pages.

Attack Vector:

An attacker injects an XSS payload into the vulnerable input point. Because the payload is stored, it triggers each time a user visits the affected page, and the attacker can, depending on the crafted payload, redirect the user to a malicious or phishing web page or run any other script in the victim's browser within the application's origin.

Vulnerable component: account.php

Remediation:
https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html

The fix is to encode user-supplied data for the context in which it is written into the page (HTML body, attribute, JavaScript, URL) at output time, rather than trusting that it was cleaned when it was stored.
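The following is an added illustration of the bug class and its fix, written for this note; it is not code from the Project Worlds application or from account.php, and the field name, the `render_*` function names and the sample stored value are assumptions. It shows a stored value echoed raw (the vulnerable pattern) beside the same value encoded for the HTML body and for an HTML attribute, which is the remediation the OWASP cheat sheet above prescribes.

```php
<?php
// Added example, not code from the Project Worlds application.
// Assumption: a user-controlled profile field is stored in the database
// and later written into account page HTML without encoding.

// Vulnerable pattern: the stored value is concatenated straight into markup,
// so a stored <script> tag executes in every visitor's browser.
function render_unsafe(string $storedName): string
{
    return '<p>Welcome, ' . $storedName . '</p>'
         . '<input type="text" name="name" value="' . $storedName . '">';
}

// Hardened pattern: encode at output for the HTML body context.
// ENT_QUOTES also encodes ' and " so the same helper is safe inside
// double- or single-quoted attribute values.
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function render_safe(string $storedName): string
{
    return '<p>Welcome, ' . html_escape($storedName) . '</p>'
         . '<input type="text" name="name" value="' . html_escape($storedName) . '">';
}

// Constructed sample of what an attacker might have saved into the field
// (a redirect payload, matching the impact described in the advisory).
$stored = '<script>location="https://attacker.example/phish"</script>';

echo "Unsafe output:\n", render_unsafe($stored), "\n\n";
echo "Safe output:\n", render_safe($stored), "\n";
// In the safe output the payload appears as literal text:
// &lt;script&gt;location=&quot;https://attacker.example/phish&quot;&lt;/script&gt;
```

Encoding belongs at every output point, not at the insert into the database: a value that is stored encoded will be double-encoded wherever it is displayed correctly and still unsafe wherever a developer forgets the output step. Values placed inside a JavaScript block or a URL need a different encoder than `htmlspecialchars`, as the cheat sheet explains.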

Author: Nikhil Kumar
https://www.linkedin.com/in/nikhil-kumar-4b9443166/
