The Bugs I Found While Pen-Testing a University Website

Dhanu R
3 min read · Sep 7, 2019

My first bugs! I found them by manually testing some websites with an offensive approach. On the Sathyabama University website I found a few non-severe bugs, described below.

1)Self XSS:

A simple payload such as <script>alert("Hacked");</script> submitted into an input field was reflected without encoding and produced an alert. Because the script only ran in the page I was viewing myself, and the input was not stored or delivered to other users, this is self-XSS rather than an exploitable reflected or stored XSS.

2)HTML Injection:

I tested for HTML injection by submitting a simple image tag:

<img src="https://cdn.pixabay.com/photo/2017/10/05/22/55/anonymous-2821433__340.jpg"> This is a stock image from Pixabay, with the URL enclosed in double quotes. The injected image was rendered in the page, but it disappeared after reloading the URL, so the injection is not persistent (it is reflected, client-side only) and I consider it a non-severe bug.

PAYLOAD: a payload is the input string (text, Unicode, markup or script) submitted to a parameter in order to trigger or test a particular behaviour.

My Customized JavaScript Payloads for XSS:

User-Agent: <script>alert(navigator.userAgent)</script>

Platform: <script>alert(navigator.platform)</script>

Screen resolution: <script>alert(screen.width + "x" + screen.height)</script>

(Each payload alerts the value of the browser property rather than a literal string; the property name is `navigator.platform`, in lower case.)

Burp Intruder

Later I automated the testing with Burp Suite Professional, using Intruder to send a list of XSS payloads into the vulnerable parameter.

Reporting of Bug:

I e-mailed the officials of Sathyabama University, using the e-mail address found on their website http://www.sathyabama.ac.in/, but there was no response from their side.


I tried my best to report this bug, but there was no response from their side, so I published this write-up to bring it to people's attention.

Vulnerable URL: https://www.sathyabama.ac.in/online_entrance_application_offline_status.php

Bug Fixing:

XSS occurs when user-supplied input is reflected into the page without being encoded for the context it lands in (HTML element text, attribute value, script, URL), so the browser treats the injected HTML or JavaScript as part of the page. The fix is to apply context-appropriate output encoding (for the cases here, HTML-entity encoding of the value before it is written into the page), not to strip individual tag names, and to add a Content-Security-Policy header as defence in depth. For background, refer to

URL: https://www.acunetix.com/websitesecurity/cross-site-scripting/
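To make the fix concrete, here is an added example (my own illustration, not code from the university site or from the original write-up). It models a page that reflects the applicant's input into both element text and a quoted attribute, then runs the two payloads quoted above through three renderers: the vulnerable one, a naive blocklist that only removes the `<script>` tag, and the proper fix using HTML-entity encoding. The template and the `render_*` function names are assumptions for the demo; the payloads are the ones from this write-up.

```python
import html

# Constructed sample inputs: a benign value plus the two payloads quoted in this write-up.
PAYLOADS = [
    "Dhanu",
    '<script>alert("Hacked");</script>',
    '<img src="https://cdn.pixabay.com/photo/2017/10/05/22/55/anonymous-2821433__340.jpg">',
]

# Hypothetical status page: the value is reflected twice, in element text and in a quoted attribute.
TEMPLATE = (
    "<p>Application status for: {value}</p>\n"
    '<input type="text" name="applicant" value="{value}">'
)


def _fill(value: str) -> str:
    # str.replace rather than str.format so braces in user input cannot break the template.
    return TEMPLATE.replace("{value}", value)


def render_vulnerable(value: str) -> str:
    """Reflects the raw input into the page: the bug class described in the write-up."""
    return _fill(value)


def render_blocklist(value: str) -> str:
    """A common but insufficient 'fix': delete one tag by name and reflect the rest."""
    cleaned = value.replace("<script>", "").replace("</script>", "")
    return _fill(cleaned)


def render_encoded(value: str) -> str:
    """The real fix: HTML-entity encode for element-text and quoted-attribute contexts.

    quote=True also encodes " and ' so the value cannot close the value="..." attribute.
    """
    return _fill(html.escape(value, quote=True))


def contains_injected_tag(page: str) -> bool:
    """Crude detector for the demo: did an injected <script> or <img> survive into the page?"""
    return "<script" in page or "<img" in page


def audit(renderer) -> list:
    """Run every payload through a renderer; True means injected markup reached the page."""
    return [contains_injected_tag(renderer(p)) for p in PAYLOADS]


if __name__ == "__main__":
    for name, fn in [("vulnerable", render_vulnerable),
                     ("blocklist", render_blocklist),
                     ("encoded", render_encoded)]:
        print(f"{name:11s} injected markup per payload: {audit(fn)}")
    print()
    print(render_encoded(PAYLOADS[1]))
```

Running it shows the blocklist renderer "fixes" the `<script>` payload but still renders the `<img>` payload, while the encoded renderer neutralises both and leaves the benign value unchanged. The second printed line shows `<` and `"` arriving in the page as `&lt;` and `&quot;`, so the browser displays the payload as text instead of executing it.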


I know that testing a website which does not have a bug-bounty or responsible-disclosure program is a crime.

I hope they will fix these bugs once this write-up reaches them.
