27 lines
No EOL
1 KiB
Text
27 lines
No EOL
1 KiB
Text
# Author: loneferret of Offensive Security
|
|
# Product: PHP Server Monitor
|
|
# Version: 2.0.1 (and maybe older versions)
|
|
# Google Dork: intext="Powered by PHP Server Monitor v2.0.1"
|
|
# (yes people have made this available on the web)
|
|
|
|
# Software Download: http://sourceforge.net/projects/phpservermon/
|
|
|
|
# Tested on: Ubuntu Linux
|
|
|
|
# Software Description
|
|
# PHP Server Monitor is a script that checks whether the servers on your list are up and running on the selected ports.
|
|
# It comes with a web based user interface where you can add and remove servers or websites from the MySQL database,
|
|
# and you can manage users for each server with a mobile number and email address.
|
|
# On the "Add server" page, you can choose
|
|
# whether it's a "service" or a "website":
|
|
|
|
# Vulnerability: Stored XSS
|
|
# Label name or pretty much any other text field such as IP
|
|
# Inserting html code can pretty much screw up the whole page as well.
|
|
# PoC:
|
|
# <script>alert('xss');</script>
|
|
# <script>alert(document.cookie);</script>
|
|
# <iframe>something</iframe>
|
|
#
|
|
|
|
# There are other things I'm sure |