Monash University

Findings

  1. https://118.138.235.76/
    1. Parameters: next
    2. https://118.138.235.76/logout?next=evil.com
  2. https://pncshub.erc.monash.edu/static/msa/pdf/MSA_PNCS00241.pdf
  3. https://pncshub.erc.monash.edu/static/msa/pdf/

https://unihub.monash.edu/identity/saml/SsoPostRedirect.aspx?id=3&returnUrl=%2Foauth%2Fauth%3Fclient_id%3Dmonash-reporting%26scope%3DJobSeeker.Personal.Details%2520Integrations.Workflows%26response_type%3Dcode%26redirect_uri%3Dhttps%253A%252F%252Freports.monash.careerhub.com.au%252Fapi%252Fsignin%252Fcareerhub%26state%3DCfDJ8JDwP1CnTe9Gjgxhx-0WTewNzdHuI_AgBwJiLtPoPXgVEy1PHHwYOx9eGWw-BF1aFsKlLZbR3TqsuCFoKqiBg9mc-eUn26DsVMqecHE6q4EzZrWEAvgahWsdBQsiFRjmFgFIk2O_Vw2X1gEje7Esv91S-ATbl2nNfGM-QNYakIExhcRn6DJL2io8NQASvFUvdQPKg5wz0mW3c-bzz8RX3fU_IYMUxOw7z7Aquz9G7JuZ0L_KVRX63sDEHoEHy_TM4g

https://unihub.monash.edu/identity/saml/SsoPostRedirect.aspx?id=3&returnUrl=http://evil.com?client_id=monash-reporting&scope=JobSeeker.Personal.Details.Integrations.Workflows&response_type=code

DB_HOST=localhost
DB_DATABASE=homestead
DB_USERNAME=homestead
DB_PASSWORD=secret

Jira Fuzz https://jira.apps.monash.edu https://jira.eng.monash.edu

Test https://pgie.infotech.monash.edu.au/xmlrpc.php

http://baymax.erc.monash.edu/
https://au-east-1.erc.monash.edu/
https://clubs.msa.monash.edu/account/register/guest/