# Exploit Title: ReadyDesk Cross Site Scripting
# Date: 19.04.2012
# Author: Sony
# Software Link: http://www.readydesk.com/
# Google Dorks: powered by readydesk
# Web Browser : Mozilla Firefox
# Blog : http://st2tea.blogspot.com
# PoC:
http://st2tea.blogspot.com/2012/04/readydesk-cross-site-scripting.html
..................................................................
Well, we have a persistent XSS in "View Existing Tickets".
We can use the demo:
http://www.readydesk.com/demo.asp
http://www.readydesk.com/rd7/customer/rdlogin.aspx (Customer Interface)
But first: Submit New Ticket (with our XSS code). (I think all fields in the send form are affected.)
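
A defender-side illustration of the issue above, added here and not taken from the advisory or from ReadyDesk's code: ticket fields stored at submission are rendered into a ticket list with and without output encoding, and a small parser audit reports any markup the row template did not emit itself. The field names, the row template and the sample ticket are assumptions.

```python
import html
from html.parser import HTMLParser

# Field names are assumptions for illustration, not ReadyDesk's schema.
FIELDS = ("subject", "name", "email", "description")

def render_ticket_unsafe(ticket):
    """The vulnerable pattern: stored values concatenated into markup as-is."""
    cells = "".join(f'<td title="{ticket[f]}">{ticket[f]}</td>' for f in FIELDS)
    return f"<tr>{cells}</tr>"

def render_ticket_safe(ticket):
    """Encode every stored value at output time (quote=True covers attributes)."""
    values = (html.escape(ticket[f], quote=True) for f in FIELDS)
    cells = "".join(f'<td title="{v}">{v}</td>' for v in values)
    return f"<tr>{cells}</tr>"

class _MarkupAudit(HTMLParser):
    """Collects any element or attribute the row template does not emit itself."""
    ALLOWED = {"tr": set(), "td": {"title"}}

    def __init__(self):
        super().__init__()
        self.unexpected = []

    def handle_starttag(self, tag, attrs):
        if tag not in self.ALLOWED:
            self.unexpected.append(f"<{tag}>")
            return
        for name, _ in attrs:
            if name not in self.ALLOWED[tag]:
                self.unexpected.append(f"<{tag} {name}=...>")

def injected_markup(rendered):
    """Return the list of elements/attributes that came from stored data."""
    audit = _MarkupAudit()
    audit.feed(rendered)
    audit.close()
    return audit.unexpected

# Constructed sample ticket: markup markers in three fields, plain text in one.
SAMPLE = {
    "subject": "<script>alert(1)</script>",
    "name": '" onmouseover="alert(1)',
    "email": "<img src=x onerror=alert(1)>",
    "description": "Printer on floor 3 is offline",
}
```

Running `injected_markup` over every rendered view of stored ticket data works as a regression check: an empty list means no field value reached the page as markup.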