cve/CVE-2011-4749.md at 9997f54ae755a45f2230556ae8e2526bc41223aa

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-06-07 05:26:37 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms on certain pages under admin/index.php/default.

POC

Reference

http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html

Github

No PoCs found on GitHub currently.

929 B Raw Blame History

CVE-2011-4749

Description

POC

Reference

Github

929 B

Raw Blame History