Thursday, 19 April 2012

ReadyDesk Cross Site Scripting

# Exploit Title: ReadyDesk Cross Site Scripting
# Date: 19.04.2012
# Author: Sony
# Software Link: http://www.readydesk.com/
# Google Dorks: powered by readydesk
# Web Browser : Mozilla Firefox
# Blog : http://st2tea.blogspot.com
# PoC:
 http://st2tea.blogspot.com/2012/04/readydesk-cross-site-scripting.html
..................................................................


Well, we have a persistent XSS in "View Existing Tickets".

We can use the demo:

http://www.readydesk.com/demo.asp


http://www.readydesk.com/rd7/customer/rdlogin.aspx (Customer Interface)


But first --> Submit New Ticket (with our XSS code). (I think all fields in the send form.)
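
Because the stored values are executed when the ticket list is displayed, the fix belongs at output: every ticket field has to be HTML-encoded when it is rendered. The JavaScript below is an added example, not code from the original post or from ReadyDesk; the field names and sample tickets are constructed. It contrasts an unencoded ticket-row renderer with an encoded one and flags stored tickets that already contain markup characters.

```javascript
// Added example: field names and ticket records are constructed,
// not ReadyDesk's actual schema or code.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode a stored value for an HTML text or quoted-attribute context.
function escapeHtml(value) {
  return String(value ?? '').replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hypothetical fields of the "Submit New Ticket" form.
const FIELDS = ['subject', 'customer', 'email', 'description'];

// "Before": stored values are concatenated into markup as-is.
function renderRowUnsafe(ticket) {
  return '<tr>' + FIELDS.map((f) => `<td>${ticket[f]}</td>`).join('') + '</tr>';
}

// "After": every stored field is encoded at output time, so tickets
// saved before the fix are rendered inertly as well.
function renderRowSafe(ticket) {
  return '<tr>' + FIELDS.map((f) => `<td>${escapeHtml(ticket[f])}</td>`).join('') + '</tr>';
}

// Triage helper: list stored fields containing markup characters
// (<, >, quotes) so existing tickets can be reviewed.
function auditTickets(tickets) {
  const findings = [];
  for (const t of tickets) {
    for (const f of FIELDS) {
      if (/[<>"']/.test(String(t[f] ?? ''))) findings.push({ id: t.id, field: f });
    }
  }
  return findings;
}

// Constructed sample rows.
const sampleTickets = [
  { id: 1, subject: 'Printer offline', customer: 'A. User',
    email: 'a.user@example.com', description: 'Paper jam & error 5' },
  { id: 2, subject: '<script>alert(1)</script>', customer: 'B. User',
    email: 'b.user@example.com', description: 'see subject' },
];

for (const t of sampleTickets) console.log(renderRowSafe(t));
console.log(auditTickets(sampleTickets));
```
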

 








