Full title: NorthStar C2 Agent 1.0 Cross Site Scripting / Remote Command Execution Exploit Category: web applications Platform: php NorthStar C2 agent version 1.0 applies insufficient sanitization on agent registration routes, allowing an unauthenticated attacker to send multiple malicious agent registration requests to the teamserver to incrementally build a functioning javascript payload in the logs web page. This cross site scripting payload can be leveraged to execute commands on NorthStar C2 agents. # 0day.today @ http://0day.today/