BugTraq
XSS in IBM Open Admin Tool Aug 30 2011 10:45AM
sk (sk10_0 yahoo com)
â??XSS in IBM Open Admin Tool (OAT_2.27_install_windows.exe)â?

Product version tested : OAT v2.27

Vendore has been informed : July 27, 2010

They fix the vulnerability on : March 2011

Fixed version: OAT v2.72

Credit : sumit kumar soni (ssummit (at) gmail (dot) com [email concealed])

Product Link:
https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=swg
-informixfpd&lang=en_US&S_PKG=dl&cp=UTF-8

Tested on windows XP

Open Admin tool For IDS Cross Site Scripting Vulnerability

OpenAdmin Tool is a PHP-based Web browser administration tool for managing one
or more Informix Dynamic Servers. The OpenAdmin Tool for IDS provides the
ability to monitor and administer multiple database IDS server instances from a
single location.

There is a XSS vulnerability exist in its index page for parameter named
informixserver , host & port.

POC:

http://server:8080/openadmin/index.php?act=login&do=dologin&login_admin=
Login&groups=1&grouppass=&informixserver=

&host= &port= &username= &userpass= &idsprotocol=onsoctcp&conn_num

Regards

Sumit Kumar Soni

ssummit (at) gmail (dot) com [email concealed]
http://voidroot.blogspot.com/2011/08/xss-in-ibm-open-admin-tool.html

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus