Agent Tesla Botnet suffers from a cross site scripting vulnerability.
c170c4d163099300f40d75af8844855f539b42a13b5df9177ea5e5f8d09782f0################################
# Exploit Title: Agent Tesla Botnet - Cross Site Scripting Vulnerability
# Google Dork: n/a
# Date: 29/10/2020
# Exploit Author: n4pst3r
# Vendor Homepage: unkn0wn
# Software Link: http://www.agenttesla.com/ ¡ Down !
# Version: unkn0wn
# Tested on: Windows 10, debian 7
# CVE : n/a
################################
# Vuln-Code: http://127.0.0.1/WebPanel/pages/get-log.php
/get-screens.php
/get-webcams.php
<?php echo $_GET['title']; ?>
################################
PoC:
http://127.0.0.1/WebPanel/pages/get-log.php?title=[XSS]
/get-screens.php?title=[XSS]
/get-webcams.php?title=[XSS]
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed