The exploit demonstrates an HTML-injection vulnerability in FtpLocate 2.02, where user-supplied input is not properly sanitized. This allows attacker-supplied HTML and script code to execute in the context of the affected browser, potentially leading to credential theft or site manipulation.
Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:FtpLocate 2.02
No auth needed
Prerequisites:Access to the vulnerable web application