Tag: muskecan

ITSLEARNING XSS PART 2

Today I want to explain you how I can still be able to execute javascript payloads on Itslearning education syste. Itslearning XSS part 2 begins! You should check the part 1 of this article. ITSLEARNING STORED XSS VULNERABILITY OR NOT? Mr. Håkon Høydal, wrote an article about Itslearning. After that Itslearning, did some things to filter…


Guestall – SIMPLE BUT IMPORTANT PYTHON SCRIPT

Hi everyone. I coded a basic python script that install guest additions on your debian based linux. I called it Guestall, it supports VMWare and VirtualBox. It is easy to use. I’ve made it because I always forget these things. It is not a problem anymore with guestall. I hope it helps everyone like me. Guestall…


ITSLEARNING STORED XSS VULNERABILITY OR NOT?

I’ve found an stored XSS on itslearning education system works without even autorized. Hacker can do lots of things via Itslearning stored XSS vulnerability. This XSS works without any authorization, so it is more dangerous than usual XSS. Payload : I use <svg/onload=prompt(1)> but almost every payload works. PoCs about itslearning stored XSS  Redirect via XSS; https://files.itslearning.com/data/2099/13132/xss.html Alert…


-------------------------------------------------------------------------------------------------------------------------Mustafa Kemal Can-------------------------------------------------------------------------------------------------------------------------