PTU Jalandhar Website XSS Vulnerability

These days the Full Disclosure mailing list is being dominated by XSS vulnerabilities. It is time I put up my contribution too, for an XSS vulnerability I have known about for around 7-8 months.
The site in question, ptu.ac.in, is that of Punjab Technical University, Jalandhar. The URL http://ptujal.org used to refer to the same site.
On a web application by the name PTU Intranet, there is an XSS vulnerability. When a user attempts a login and the username/password is incorrect, the GET variable `err` is not sanitised for invalid input.

Click here to test PTU official site for XSS

Also check this:

Click here to test PTU official site for XSS

On the above pages you can find a SQL injection vulnerability as well.
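The unsanitised `err` parameter described above, shown next to two ways of fixing it. This is an added example, not code from the PTU Intranet application or from the original post; the error codes, messages, function names and the `example.test` host are assumptions made for illustration.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Hypothetical error codes; the real application's values are not on the page.
ERROR_MESSAGES = {
    "1": "Invalid username or password.",
    "2": "Your session has expired. Please log in again.",
}
DEFAULT_MESSAGE = "Login failed."


def get_err(url):
    """Extract the first `err` query value from a request URL ('' if absent)."""
    values = parse_qs(urlsplit(url).query, keep_blank_values=True).get("err", [""])
    return values[0]


def render_login_error_vulnerable(url):
    """The flaw described above: `err` is copied into the page verbatim."""
    return '<div class="error">' + get_err(url) + "</div>"


def render_login_error_allowlist(url):
    """Preferred fix: treat `err` as a lookup key, never as display text."""
    message = ERROR_MESSAGES.get(get_err(url), DEFAULT_MESSAGE)
    return '<div class="error">' + html.escape(message) + "</div>"


def render_login_error_escaped(url):
    """Fallback fix when free-text messages must be shown: HTML-encode on output."""
    return '<div class="error">' + html.escape(get_err(url), quote=True) + "</div>"


# Constructed request URLs (example.test is a placeholder host).
BENIGN = "http://example.test/login?err=1"
HOSTILE = "http://example.test/login?err=%3Cscript%3Ealert(1)%3C/script%3E"

if __name__ == "__main__":
    for url in (BENIGN, HOSTILE):
        print(render_login_error_vulnerable(url))
        print(render_login_error_allowlist(url))
        print(render_login_error_escaped(url))
```

The allow-list version is the stronger fix because attacker-supplied text never reaches the response at all; output encoding alone is only correct for the HTML body context used here.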

Submitted by Ajay Pal Singh Atwal on May 29, 2006 - 10:31am. Categories: Bug Reports | Exposed | Security
