Full title: NorthStar C2 Agent 1.0 Cross Site Scripting / Remote Command Execution Exploit 
Category: web applications
Platform: php
NorthStar C2 agent version 1.0 applies insufficient sanitization on agent registration routes, allowing an unauthenticated attacker to send multiple malicious agent registration requests to the teamserver to incrementally build a functioning javascript payload in the logs web page. This cross site scripting payload can be leveraged to execute commands on NorthStar C2 agents.

# 0day.today @ http://0day.today/