Tag: itslearning webcam

ITSLEARNING VULNERABILITY STORIES – One more stored XSS

Itslearning vulnerability stories episode 3 is here. I want to add another stored xss to itslearning vulnerabilities list. Let’s do it! This is an interesting vulnerability that triggers stored XSS. Itslearning has a kind of document sharing feature that helps people to share files to each other. Normally, when you click the file, system automatically…


ITSLEARNING XSS PART 2

Today I want to explain you how I can still be able to execute javascript payloads on Itslearning education syste. Itslearning XSS part 2 begins! You should check the part 1 of this article. ITSLEARNING STORED XSS VULNERABILITY OR NOT? Mr. Håkon Høydal, wrote an article about Itslearning. After that Itslearning, did some things to filter…


ITSLEARNING STORED XSS VULNERABILITY OR NOT?

I’ve found an stored XSS on itslearning education system works without even autorized. Hacker can do lots of things via Itslearning stored XSS vulnerability. This XSS works without any authorization, so it is more dangerous than usual XSS. Payload : I use <svg/onload=prompt(1)> but almost every payload works. PoCs about itslearning stored XSS  Redirect via XSS; https://files.itslearning.com/data/2099/13132/xss.html Alert…


-------------------------------------------------------------------------------------------------------------------------Mustafa Kemal Can-------------------------------------------------------------------------------------------------------------------------