RemotelyAnywhere allows fast and secure remote access to your PC from any Web browser, giving you complete access to your files and desktop applications. A cross-site scripting vulnerability has been found in the product, allowing a remote attacker to insert malicious content into the login screen (which could fool the user into doing things he would not normally do).
Credit:
The information has been provided by Oliver Karow.
Vulnerable systems:
* RemotelyAnywhere Enterprise Edition
* RemotelyAnywhere version 5.21.422 (Personal Edition)
Exploit:
The following URL will trigger a popup that can mislead a user into changing his password:
https://host:2000/default.html?logout=asdf&reason=Please%20set%20your%20password%20to%20ABC123%20after%20login
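The sketch below is an added example, not RemotelyAnywhere's code. It contrasts escaping the reflected `reason` value with treating it as a code that selects server-defined text; only the second removes the misleading message. The reason codes, message texts, HTML wrapper and function names are hypothetical, since the page does not list the product's real values.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Hypothetical reason codes and texts (assumption: not taken from the product).
LOGOUT_MESSAGES = {
    "timeout": "Your session timed out. Please log in again.",
    "user": "You have been logged out.",
}
DEFAULT_MESSAGE = "You have been logged out."

# The URL from the advisory above, used as sample input.
ADVISORY_URL = ("https://host:2000/default.html?logout=asdf"
                "&reason=Please%20set%20your%20password%20to%20ABC123%20after%20login")


def reason_param(url):
    """Return the decoded `reason` query value of a URL, or None if absent."""
    values = parse_qs(urlsplit(url).query).get("reason")
    return values[0] if values else None


def render_reflected(url):
    """Escaping only: markup is neutralised, but the caller's text is still shown."""
    reason = reason_param(url) or ""
    return "<p class='notice'>" + html.escape(reason) + "</p>"


def render_allowlisted(url):
    """Treat `reason` as a code and display only server-defined text."""
    message = LOGOUT_MESSAGES.get(reason_param(url), DEFAULT_MESSAGE)
    return "<p class='notice'>" + message + "</p>"


def is_suspicious(url):
    """Flag a request whose `reason` is not a known code (for access-log review)."""
    reason = reason_param(url)
    return reason is not None and reason not in LOGOUT_MESSAGES


if __name__ == "__main__":
    print(render_reflected(ADVISORY_URL))
    print(render_allowlisted(ADVISORY_URL))
    print(is_suspicious(ADVISORY_URL))
```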