The Bugs , I found during Pen-Testing in an University Website!!

My First Bug! I, found by manual testing some websites! in Offensive Approach!!! where i found some non-severe bugs which was present inside the Sathyabama University Webpage!

1)Self XSS:

A simple payload i executed as <script>alert(“Hacked”);</script> which shown an alert of Self XSS!!

2)HTML Injection:

i tried executing HTML injection by implementing a simple image tag as

<img src=”https://cdn.pixabay.com/photo/2017/10/05/22/55/ anonymous-2821433__340.jpg”> this is an stock image taken from pixabay which was i enclosed within double quotes” ”. this bug disapper after a reload of url and it is not a severe bug. i.e,it executes only client-side.

PAYLOAD: a Payload is a simple script which may be a text/unicode/syntax,etc.which is used to execute or test a process.

My Customized JavaScript Payloads for XSS:

User-Agent: <script>alert(“navigator.userAgent”)</script>

Platform: <script>alert(“navigator.Platform”)</script>

Screen-Resolution:<script>alert(screen.width+”X”+screen.height) </script>

Burp Intruder

Later I, Automated the Testing process with BurpSuite Professional Edition to test vulnerability with a set of payloads!

Reporting of Bug:

i mailed the officials of Sathyabama University !! by finding thier e-mail id from their website http://www.sathyabama.ac.in/ but there is no response from thier side.

Facebook
Chancellor of Sathyabama University

i tried my level best in reporting this Bug! but there is no Response from their side.so,I published this writeup to reach peoples knowledge!

Vulnerable URL: https://www.sathyabama.ac.in/online_entrance_application_offline_status.php

Bug Fixing:

the XSS Bug occurs due to improper sanitization in websites which leads to execute Javascript and Html code by the End-User to fix XSS Bug refer

URL: https://www.acunetix.com/websitesecurity/cross-site-scripting/

“Bug”

I Know this a Crime! to test a website which does’nt have any Bug-Bounty/Responsible Disclosure Program.

I Wish they will Fix these Bugs after this Writeup!! Reach thier knowledge!!

it’s not $whoami, but what i do that defines me!