STORY OF HOW I HACKED DIFFERENT IITs (Indian Institutes of Technology) IN INDIA

Vedavyasan S (@ved4vyasan)
Mar 1, 2023

Today I'm going to share my experience of how I hacked IITs in India.

IIT

The Indian Institutes of Technology are prestigious central government owned public technical institutes located across India. Known for their excellence in education, they are under the ownership of the Ministry of Education of the Government of India.

XSS

Cross-site scripting is a type of security vulnerability that can be found in some web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.

XSS REFLECTED (GUWAHATI, JODHPUR)

Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off of a web application to the victim’s browser. The script is activated through a link, which sends a request to a website with a vulnerability that enables execution of malicious scripts.

BLIND XSS (GUWAHATI)

Blind XSS vulnerabilities are a variant of persistent XSS vulnerabilities. They occur when the attacker's input is saved by the web server and executed as a malicious script in another part of the application or in another application.

HTML INJECTION (GUWAHATI, JODHPUR)

It is a security vulnerability that allows an attacker to inject HTML code into web pages that are viewed by other users.

WHILE DOING SOME RECON ON IIT GUWAHATI AND IIT JODHPUR, I GOT SOME PARAMETERS THAT ARE VULNERABLE TO XSS (BLIND, REFLECTED) AND HTML INJECTION.

IIT GUWAHATI

BLIND XSS:

For finding blind XSS I used https://xsshunter.trufflesecurity.com/app/ and the result is

BLIND XSS PAYLOAD FIRED

REFLECTED XSS:

When I used the payload <script>alert("XSS POC BY VED4")</script> the result was

reflected xss poc guwahati

Then I used the payload <script>alert(document.cookie)</script> and the result looks like this.

HTML INJECTION:

For demonstrating an HTML INJECTION vulnerability I used the payload <marquee>IIT GUWAHATI HTML INJECTION VULNERABILITY</marquee> <h2>POC BY VED4</h2> and the result looked like this

IIT GUWAHATI HTML INJECTION VULNERABILITY

IIT JODHPUR

REFLECTED XSS:

Here I used the same payload used on IIT Guwahati.

iit jodhpur xss reflect poc

HTML INJECTION:

Here I used the payload <marquee> HTML INJECTION VULNERABILITY POC BY ved4vyasan </marquee> <h1>HTML INJECTION </> and the result is

HTML INJECTION VULNERABILITY JODHPUR

REPORTED TO NCIIPC AND IIT TEAM. THEY PATCHED THE VULNERABILITY.
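
The post does not say how the sites were patched. As an added example (not code from the IIT sites or from this write-up), here is how a reflected parameter is rendered unsafely and then safely, with the payloads quoted above as test inputs; the function names, the "Search results" template and the header values are assumptions.

```javascript
// Added example: reflected-input rendering, vulnerable vs. hardened.
// renderUnsafe, renderSafe, securityHeaders and reflectsMarkup are hypothetical names.

// Characters that let user input break out of an HTML text or attribute context.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: the query parameter is concatenated into markup as-is,
// so any tags it contains become part of the page.
function renderUnsafe(query) {
  return `<p>Search results for: ${query}</p>`;
}

// Hardened: the same template, with the value encoded for the HTML context.
function renderSafe(query) {
  return `<p>Search results for: ${escapeHtml(query)}</p>`;
}

// Defence in depth: headers that limit the damage if an encoding step is missed.
function securityHeaders(sessionId) {
  return {
    // Blocks inline <script> and restricts script sources to the same origin.
    'Content-Security-Policy': "default-src 'self'; script-src 'self'; object-src 'none'",
    // HttpOnly keeps the session cookie out of document.cookie.
    'Set-Cookie': `session=${encodeURIComponent(sessionId)}; HttpOnly; Secure; SameSite=Lax`,
    'X-Content-Type-Options': 'nosniff',
  };
}

// Returns true when the input carries markup and the output reflects it unencoded.
function reflectsMarkup(rendered, input) {
  return /<[a-z]/i.test(input) && rendered.includes(input);
}

// The payloads quoted in this post, used here as test inputs.
const samples = [
  '<script>alert(document.cookie)</script>',
  '<marquee>IIT GUWAHATI HTML INJECTION VULNERABILITY</marquee> <h2>POC BY VED4</h2>',
];

for (const s of samples) {
  console.log('unsafe reflects markup:', reflectsMarkup(renderUnsafe(s), s));
  console.log('safe output:', renderSafe(s));
}
```

The same reflectsMarkup check can be used in a regression test for every parameter that is echoed back into a page.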

THANKS,
REGARDS
VEDAVYASAN S (ved4vyasan)

Profile links:

https://www.instagram.com/ved4vyasan/

https://www.linkedin.com/in/vedavyasan-s-a9825b228/

https://twitter.com/ved4_vyasan
