Cross Site Scripting (XSS) Found in University of Washington
http://down--tech.blogspot.com/2015/01/cross-site-scripting-xss-found-in.html
Description:-
Ch. Muhammad Osama (founder of Down Techs), an independent vulnerability researcher, has discovered a Cross-Site Scripting (XSS) vulnerability in the University of Washington website www.washington.edu, which can be exploited by an attacker to conduct XSS attacks.
Cross Site Scripting (XSS) :-
Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.
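The missing-encoding flaw described above, shown next to its fix, as an added example that is not code from the affected site or from the original post. It assumes a hypothetical page template that echoes the User-Agent request header into its HTML; the template and all function names are illustrative, and the header value is the one from this page's proof of concept.

```python
import html
from html.parser import HTMLParser

# Constructed sample request headers; the value is the proof-of-concept string from this page.
SAMPLE_HEADERS = {"User-Agent": "<script>prompt(1)</script>"}

# Hypothetical page template (an assumption, not the real site's markup).
PAGE = "<html><body><h1>Not found</h1><p>Your browser: {ua}</p></body></html>"

def render_unsafe(headers):
    """Vulnerable form: the header value is copied into the markup unchanged."""
    return PAGE.format(ua=headers.get("User-Agent", ""))

def render_safe(headers):
    """Hardened form: HTML-encode the header value before placing it in element content."""
    return PAGE.format(ua=html.escape(headers.get("User-Agent", ""), quote=True))

class TagCollector(HTMLParser):
    """Records every start tag an HTML parser sees in the rendered page."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def tags_in(page):
    collector = TagCollector()
    collector.feed(page)
    collector.close()
    return collector.tags

def introduces_markup(render, headers):
    """True if header values add elements beyond those in the page rendered with no headers."""
    return tags_in(render(headers)) != tags_in(render({}))

if __name__ == "__main__":
    for name, fn in (("unsafe", render_unsafe), ("safe", render_safe)):
        print(name, "introduces markup:", introduces_markup(fn, SAMPLE_HEADERS))
```

The `introduces_markup` check can be reused as a regression test for any template that reflects request data: render once with empty input, once with markup-bearing input, and require the element structure to be identical.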
University of Washington :-
The University of Washington (UW), commonly referred to as Washington or informally UDub, is a public research university in Seattle, Washington, United States. Founded in 1861, UW is one of the oldest universities on the West Coast and features one of the most highly regarded medical schools in the world. UW has been labeled one of the "Public Ivies," a publicly funded university considered as providing a quality of education comparable to those of the Ivy League.
Proof of concept:-
URL :- http://www.washington.edu/downtechs.html
User-Agent :- <script>prompt(1)</script>
Final Shot :-



