STORY OF HOW I HACKED DIFFERENT IITs (Indian Institutes of Technology) IN INDIA
Today I'm going to share my experience of how I hacked IITs in India.
IIT
The Indian Institutes of Technology are prestigious central government owned public technical institutes located across India. Known for their excellence in education, they are under the ownership of the Ministry of Education of the Government of India.
XSS
Cross-site scripting is a type of security vulnerability that can be found in some web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.
XSS REFLECTED (GUWAHATI, JODHPUR)
Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off of a web application to the victim’s browser. The script is activated through a link, which sends a request to a website with a vulnerability that enables execution of malicious scripts.
BLIND XSS (GUWAHATI)
Blind XSS vulnerabilities are a variant of persistent XSS vulnerabilities. They occur when the attacker input is saved by the web server and executed as a malicious script in another part of the application or in another application.
HTML INJECTION (GUWAHATI, JODHPUR)
It is a security vulnerability that allows an attacker to inject HTML code into web pages that are viewed by other users.
WHILE DOING SOME RECON ON IIT GUWAHATI AND IIT JODHPUR I GOT SOME PARAMETERS THAT ARE VULNERABLE TO XSS (blind, reflected) and HTML INJECTION.
IIT GUWAHATI
BLIND XSS:
For finding blind XSS I used https://xsshunter.trufflesecurity.com/app/ and the result is
REFLECTED XSS:
When I used the payload <script>alert("XSS POC BY VED4")</script> the result was
Then I used the payload <script>alert(document.cookie)</script> and the result looks like this.
HTML INJECTION:
For demonstrating an HTML INJECTION vulnerability I used the payload <marquee>IIT GUWAHATI HTML INJECTION VULNERABILITY</marquee> <h2>POC BY VED4</h2> and the result looked like this
IIT JODHPUR
REFLECTED XSS:
Here I used the same payload used on IIT Guwahati.
HTML INJECTION:
Here I used the payload <marquee> HTML INJECTION VULNERABILITY POC BY ved4vyasan </marquee> <h1>HTML INJECTION </> and the result is
REPORTED TO NCIIPC AND IIT TEAM. THEY PATCHED THE VULNERABILITY.
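The post does not say how the sites were patched. The block below is an added example, not code from the IIT teams or from the original write-up, showing the usual fix for this class of bug: encode the reflected parameter for the HTML context and back it with response headers. The page template, function names and session cookie are hypothetical; the two payloads are the ones quoted above.

```javascript
// Added example. renderSearchVulnerable/renderSearchHardened and the
// "Results for" template are hypothetical stand-ins for a page that echoes a parameter.

// The five characters that can change HTML parsing context, mapped to entities.
const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// BEFORE: the parameter is concatenated into markup, so the browser parses any tags in it.
function renderSearchVulnerable(q) {
  return `<p>Results for: ${q}</p>`;
}

// AFTER: same page, parameter encoded for the HTML body context before output.
function renderSearchHardened(q) {
  return `<p>Results for: ${escapeHtml(q)}</p>`;
}

// Defence in depth: CSP blocks inline <script>, HttpOnly hides the cookie from document.cookie.
function hardenedHeaders(sessionId) {
  return {
    "Content-Type": "text/html; charset=utf-8",
    "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'",
    "X-Content-Type-Options": "nosniff",
    "Set-Cookie": `session=${encodeURIComponent(sessionId)}; HttpOnly; Secure; SameSite=Lax; Path=/`,
  };
}

// Payloads quoted in this write-up, used here as regression inputs.
const PAYLOADS = [
  "<script>alert(document.cookie)</script>",
  "<marquee>IIT GUWAHATI HTML INJECTION VULNERABILITY</marquee> <h2>POC BY VED4</h2>",
];

// True if any tag other than the template's own <p> wrapper survives in the output.
function containsLiveTag(html) {
  return /<(?!\/?p>)[a-z\/]/i.test(html);
}

// Render every payload through both versions and record whether markup survived.
function audit() {
  return PAYLOADS.map((payload) => ({
    payload,
    vulnerable: containsLiveTag(renderSearchVulnerable(payload)),
    hardened: containsLiveTag(renderSearchHardened(payload)),
  }));
}

console.log(audit());
```

The same encoding has to be applied in every view that later displays stored input, such as an admin panel, which is where blind XSS fires.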
THANKS,
REGARDS
VEDAVYASAN S (ved4vyasan)
Profile links:
https://www.instagram.com/ved4vyasan/