Full Disclosure mailing list archives



weblogin software cross site request

Hi, People i discover a cross site request in this Dork: intitle:weblogin intext:"This page will redirect you to:" This cross site request is exploit like this example: http://target/Login:%20Weblogin%20%20This%20page%20will%20redirect%20you%20to<%20 inject any word you want to screen in the webpage>. Or another Poc is for example: http:target?referer=<inject the word or number you want to like view in the page....>. I advice fix this bug because is very easy deface this webpages whith Product:WebLogin Best Regard. Rootktit Pentester. _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/

By Date By Thread

Current thread: