Author Topic: Fully working Cross Site Scripting Exploit  (Read 1520 times)

Offline JustFelix

  • Newbie
  • Posts: 1
Fully working Cross Site Scripting Exploit
« on: 24.10.2016 19:35 »
You can launch a fully working XSS attack at /config/admin.cgi if you inject your code in the todo GET parameter by setting it to "[Inject Custom Message Here]<script>[Your injected code here]</script>".
Same goes for the POST parameter.

It will look like this


Offline Profihost - Technik

  • Administrator
  • Hero Member
  • Posts: 2012
Re: Fully working Cross Site Scripting Exploit
« Reply #1 on: 25.10.2016 10:13 »
Thanks for bringing this to our attention. We will fix this in the next release (ETA next week).
Kind regards
Your ProfiHost Team

Offline Profihost - Technik

  • Administrator
  • Hero Member
  • Posts: 2012
Re: Fully working Cross Site Scripting Exploit
« Reply #2 on: 23.11.2016 14:36 »
Fix is rolling out on Nov 24 2016. Thanks again!
Kind regards
Your ProfiHost Team
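
Added example, not part of the thread and not Profihost's code: a minimal model of the reported issue, showing a handler that reflects the todo parameter (GET or POST) verbatim next to one that HTML-encodes it before output. The template, function names and sample request are assumptions made for illustration; the thread does not show how admin.cgi builds its page or how the fix was implemented.

```python
import html
from urllib.parse import parse_qs

# Hypothetical page template; the real admin.cgi markup is not shown in the thread.
TEMPLATE = '<html><body><p class="status">{message}</p></body></html>'


def get_todo(query_string: str = "", post_body: str = "") -> str:
    """Return 'todo' from the GET query string or the form-encoded POST body."""
    for raw in (query_string, post_body):
        values = parse_qs(raw, keep_blank_values=True).get("todo")
        if values:
            return values[0]
    return ""


def render_vulnerable(todo: str) -> str:
    # Reflects the parameter verbatim: markup in 'todo' becomes part of the page.
    return TEMPLATE.format(message=todo)


def render_hardened(todo: str) -> str:
    # Encode for the HTML text context: &, <, >, " and ' become entities,
    # so the browser displays the value instead of parsing it as markup.
    return TEMPLATE.format(message=html.escape(todo, quote=True))


def response_headers() -> dict:
    # Defence in depth: a CSP without 'unsafe-inline' stops inline <script>
    # from running even if an encoding step is missed somewhere else.
    return {
        "Content-Type": "text/html; charset=utf-8",
        "Content-Security-Policy": "default-src 'self'; script-src 'self'",
        "X-Content-Type-Options": "nosniff",
    }


# Constructed sample request in the shape the first post describes
# (a message text followed by a script element), URL-encoded.
SAMPLE_QUERY = "todo=Saved%3Cscript%3Ealert(1)%3C%2Fscript%3E"

if __name__ == "__main__":
    todo = get_todo(query_string=SAMPLE_QUERY)
    print(render_vulnerable(todo))  # script element reaches the page intact
    print(render_hardened(todo))    # same value rendered as inert text
```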