Breaking *.UCSB.edu for Fun
I wrote a black-box XSS scanner and scanned 22.214.171.124/16 (the UCSB network). The scanner found a few XSS at sbfel3.ucsb.edu.
The vulnerability is somewhat straightforward: old site + old technology = XSS. It is likely not important, but popping up something at *.ucsb.edu gives me no end of pleasure :)
Using CSRF to trigger the self-XSS.
Hosted at https://scf.so/assets/ucsb-xss.html