ITSLEARNING VULNERABILITY STORIES - One more stored XSS

ITSLEARNING VULNERABILITY STORIES - One more stored XSS

- 1 min

Itslearning vulnerability stories episode 3 is here. I want to add another stored xss to itslearning vulnerabilities list. Let’s do it!

This is an interesting vulnerability that triggers stored XSS. Itslearning has a kind of document sharing feature that helps people to share files to each other.

Normally, when you click the file, system automatically download this file. But If delete the last part - which is download parameter- of url, itslearning executes it!

The new Itslearning vulnerability Poc is here;

https://youtu.be/mCGT2IuepM4

It was a good exercise to me. I really liked it actually.

Another XSS is kinda like earlier XSS on itslearning. Here is the PoC about it. It doesn’t need any explanation.

https://youtu.be/xvHZmDm6MKQ

rss facebook twitter github mail instagram linkedin
rss facebook twitter github mail instagram linkedin