Today, also some people which aren’t interested in computer science might know what Cross-Site Scripting or XSS is. This I think is because everywhere we can read things like “WebApplication Firewall with XSS protection”, “Browserfilter against XSS” and so on, but now I ask the question: Is it enough that people know about it? For get an answer of this question I thought about who should be able to know about such stuff and where will the people be which are doing research in the art of protecting us against such attacks and who will built the line of defence in security tomorrow. The answer for this question is easy: In the universities.
So, there are many universities all around the world now which one should I test for XSS? I made it easy for myself and had a look at the ranking of the “Top 500 World Universities” and there I put the first five which are:
- Harvard University
- University Cambridge
- Stanford University
- University California – Berkeley
- Massachusetts Institute of Technologie (MIT)
So, my goal now was to find at least one XSS Vulnerability in every of the pages of this five elite universities. Now, what should I say, I did it, have a look on it (click to enlarge):
(I’m not going to publish any POC of this vulnerabilities)
Harvard
Cambridge
Stanford
Berkeley
MIT
I think that this little “experiment” shows in a nice way, that we’re also today still not ready to do something against XSS which would really help. And of course here in Switzerland it’s not better at all:
ETH