
California State University / 0 day xss

Submitted by umutzai06, Thread ID: 259707

10-02-2023, 03:30 AM
#1
Again, while I was on an adventure, I discovered an HTML-linked open discovery through HTML (RCE = remote code execution), that is, where I can remotely execute malicious code. I did this on the California public university's website.

When we write this open malicious code, it exposes the .rtf files in the database and you can follow every function performed in the system almost instantly. In this way, I followed the system for a while (listened).

You can think of it like a MitM attack or monitoring network traffic with protocols(i), the Wireshark tool, but this seems to be more effective for now. If I can improve it in the future, or if it can be noticed and improved without opening, there may be worse results. I would like to share some of the exposed files with the precious ip family. (We can say that .rtf = a file type that is similar to WordPad, Microsoft Word, Office, Excel VBS components and can be opened with these components.)
