network tracker .95 – Persistent Cross-Site Scripting

• Exploit Database
• 109 阅读

• 作者： G13
  日期： 2011-08-19
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/17694/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18

  # Exploit Title: Network Tracker .95 Stored XSS # Date: 08-18-2011 # Author: G13 # Software link: http://networktracker.org/ # Version: .95   ISSUE   The application contains a option which allows anyone to create a user. If this option is left enabled an attacker could launch a stored XSS attack against the vulnerable application   Vulnerability:   Network Tracker does not escape the data entry on the Description and Brand fields of a device.An attacker may enter <script>alert(100);</script> into these fields to cause the exploit.