Agent Tesla Botnet Cross Site Scripting

2020.10.31
Credit: n4pst3r
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

################################ # Exploit Title: Agent Tesla Botnet - Cross Site Scripting Vulnerability # Google Dork: n/a # Date: 29/10/2020 # Exploit Author: n4pst3r # Vendor Homepage: unkn0wn # Software Link: http://www.agenttesla.com/ ยก Down ! # Version: unkn0wn # Tested on: Windows 10, debian 7 # CVE : n/a ################################ # Vuln-Code: http://127.0.0.1/WebPanel/pages/get-log.php /get-screens.php /get-webcams.php <?php echo $_GET['title']; ?> ################################ PoC: http://127.0.0.1/WebPanel/pages/get-log.php?title=[XSS] /get-screens.php?title=[XSS] /get-webcams.php?title=[XSS]


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top