# Author: loneferret of Offensive Security# Product: PHP Server Monitor# Version: 2.0.1 (and maybe older versions)# Google Dork: intext="Powered by PHP Server Monitor v2.0.1"# (yes people have made this available on the web)# Software Download: http://sourceforge.net/projects/phpservermon/# Tested on: Ubuntu Linux# Software Description# PHP Server Monitor is a script that checks whether the servers on your list are up and running on the selected ports.# It comes with a web based user interface where you can add and remove servers or websites from the MySQL database,# and you can manage users for each server with a mobile number and email address.# On the "Add server" page, you can choose# whether it's a "service" or a "website":# Vulnerability: Stored XSS# Label name or pretty much any other text field such as IP# Inserting html code can pretty much screw up the whole page as well.# PoC: # <script>alert('xss');</script># <script>alert(document.cookie);</script># <iframe>something</iframe># # There are other things I'm sure
