[] NeoSense
E X P L O I T S
title author type platform port cve id

RemotelyAnywhere - Default.HTML Logout Message Injection

Author: Oliver Karow
type: webapps
platform: cgi
port: 
date_added: 2003-12-11 
date_updated: 2012-12-16 
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/9202/info

RemotelyAnywhere has been reported prone to a logout message injection weakness. It has been reported that this issue presents itself due to a lack of sufficient restrictions performed by RemotelyAnywhere on user supplied 'reason' URI parameters. If a target user followed a malicious link, an attacker could potentially abuse this weakness, to include arbitrary messages in logout screens. This may aid in social engineering type attacks against the target user.

https://www.example.com:2000/default.html?logout=asdf&reason=Please%20set%20your%20password%20to%20ABC123%20after%20login
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.