ReadyDesk suffers from a cross site scripting vulnerability.
d933cf2d5240cd1b9fef0c9dff0b3afddcab16f19f6a7204ee5c5a9fe6166cd9# Exploit Title: ReadyDesk Cross Site Scripting
# Date: 19.04.2012
# Author: Sony
# Software Link: http://www.readydesk.com/
# Google Dorks: powered by readydesk
# Web Browser : Mozilla Firefox
# Blog : http://st2tea.blogspot.com
# PoC:
http://st2tea.blogspot.com/2012/04/readydesk-cross-site-scripting.html
..................................................................
Well, we have persistent xss in the "View Existing Tickets".
We can use Demo:
http://www.readydesk.com/demo.asp
http://www.readydesk.com/rd7/customer/rdlogin.aspx (Customer Interface)
But first --> Submit New Ticket (with our xss code). (i think all fields in
the send form)
http://2.bp.blogspot.com/-PE_xdLqvMkM/T5BX2uzXaeI/AAAAAAAABAM/WBZ-PE3JhyU/s1600/ready.JPG
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed