01 PVE XSS RCE masked

preview_player
Показать описание
An attacker can access every functionality in the web interface of Proxmox VE by executing malicious JavaScript code. One of the features is to execute shell commands. Here is a video demonstrating a possible attack scenario. In the video, the victim logged in to PVE web UI, and then visited a link. A reverse shell of the PVE host was spawned on the attacker's machine.
  1. STAR Labs
Рекомендации по теме
01 PVE XSS 0:00:16

01 PVE XSS RCE masked

GROWI RCE Fullchain 0:00:43

GROWI RCE Fullchain (XSS to RCE)

Craft CMS XSS 0:02:37

Craft CMS XSS to RCE chain | CVE-2021-27902 and CVE-2021-27903 | Bug Bounty

Hacking JavaScript Desktop 0:37:03

Hacking JavaScript Desktop apps with XSS and RCE - Abraham Aranguren [Security Fest 2022]

How Comodo Firewall 0:00:52

How Comodo Firewall Detect (and Response to) JavaScript RCE