I have had a severe sprain in my neck for around 3 days now and was looking for “something different” to do after i get well. Also I had been writing an article on the cross-site scripting framework for the college’s annual magazine. (you will know where am I going with this soon). So as I was thinking it came to me that ” watching theatre” could be the “something different”. I am as it is a huge fan of the plays organized by the NSD Repertory Company and hence NSD was the first place I started looking for, for any upcoming shows. I am a lazy person and instead of calling the helpline preferred visiting the website. Just in case if you didn’t know the website, it is http://nsd.gov.in . Allright …um… NSD website + XSS article….. NSD website + XSS article….. NSD website + XSS article….. NSD website + XSS article….. NSD website + XSS article…. NSD website + XSS article.
XSS on NSD’s website :D
Here is the alumni’s section. :)
All right how did I find it. ?
So for obvious reasons (look at the url , id=some integer) , I thought there could be a possible sqli vulnerability, though i knew i had a very little chance, i still pushed in the url to both havij and sqlmap. Havij failed however sqlmap listed that a boolean based blind could be executed in the format of 1=1, so for abvious reasons i tried a=a. Which did not work… ah…then finally came to me that and i executed the ‘a’=’a’. Finally replace the ‘a’ with a script and tada! :D
About the disclosures.
I wrote a mail to email@example.com, firstname.lastname@example.org and email@example.com. I also submitted it to thehackernews.com, xssed.com and null.co.in
However I do not expect a reply any time soon.
You Might Want To Check Out:
by Adwiteeya Agrawal