CVE-2023-38964

Introduction

I was searching for an LMS (Learning Management System), which is like a CMS (Content Management System) but specifically designed for managing courses. During my search, I came across "Academy LMS 6.0". I purchased this product and decided to test it for vulnerabilities before uploading my courses and deploying it on my site.

Code Analysis

In application > controllers > Home.php, the search function starts at line 855, and lines 858 - 865 check its input for XSS payloads.

These checks only test whether `$_GET['query']` contains `"` and the string `script`; nothing else is filtered or encoded.

Attack

Intercepting the query request with Burp:

"TESTT" is reflected in the page source:

We have two attack vectors:

  1. Weak verification

  2. Input reflected on the page

Test the following payload:

"><svg+onload=alert(1)>
