RiverBed Stingray Traffic Manager 9.6 Cross Site Scripting

Posted Aug 15, 2014
Authored by William Costa

RiverBed Stingray Traffic Manager virtual appliance version 9.6 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 253f0ee81ca7854a5f8db376166f8f7beddb893439dd7d79dde6d83271063bc2

I. VULNERABILITY
-------------------------

XSS Reflected vulnerability in RiverBed Stingray Traffic Manager Virtual
Appliance V 9.6

II. BACKGROUND
-------------------------
Silver Peak VX software marries the cost and flexibility benefits of
virtualization with the performance gains associated with Silver Peak WAN
optimization technology.

III. DESCRIPTION
-------------------------
A reflected XSS vulnerability has been detected in Riverbed Stingray
Traffic Manager Virtual Appliance V 9.6 in the "logfile" parameter of
"/apps/zxtm/locallog.cgi?logfile=", which allows arbitrary HTML/script
code to be executed in the context of the victim user's browser.

IV. PROOF OF CONCEPT
-------------------------
The application does not validate the parameter "logfile":
https://10.200.210.108:9090/apps/zxtm/locallog.cgi?logfile=aaaa<script>alert(document.cookie);</script>

V. BUSINESS IMPACT
-------------------------
The vulnerability allows arbitrary HTML/script code to be executed in the
context of the victim user's browser, enabling session hijacking.

VI. REQUIREMENTS
-----------------------
An attacker needs to know the IP of the device.
An administrator needs an authenticated connection to the device.

VII. SYSTEMS AFFECTED
-------------------------
Try version 9.6 (patchlevel 9620140312)

VIII. SOLUTION
-------------------------
All parameters must be validated. Riverbed has provided no information about a fix.
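As an added illustration of the fix the advisory calls for (not code from the advisory or from Riverbed), the following Python sketch places a handler that reflects the "logfile" parameter unencoded beside one that allowlists the value and HTML-encodes it on output. The parameter name and payload are taken from the advisory; the handler functions, the allowlist pattern and the sample file names are assumptions.

```python
import html
import re

# Constructed: the "logfile" value from the advisory's proof of concept.
POC_LOGFILE = "aaaa<script>alert(document.cookie);</script>"

# Hypothetical allowlist for a log file name: no path separators, no markup.
LOGFILE_RE = re.compile(r"[A-Za-z0-9_.-]{1,64}")


def render_vulnerable(logfile: str) -> str:
    """Reflects the raw parameter into the page (the defect class described above)."""
    return f"<h1>Log file: {logfile}</h1>"


def validate_logfile(logfile: str) -> bool:
    """Accept only a plain file name; reject traversal and any character outside the allowlist."""
    return LOGFILE_RE.fullmatch(logfile) is not None and ".." not in logfile


def render_hardened(logfile: str) -> str:
    """Validate on input, then encode on output (defence in depth: both, not either)."""
    if not validate_logfile(logfile):
        return "<h1>Log file: (invalid name)</h1>"
    return f"<h1>Log file: {html.escape(logfile, quote=True)}</h1>"


def encode_only(logfile: str) -> str:
    """Shows what output encoding alone does to the proof-of-concept payload."""
    return html.escape(logfile, quote=True)


if __name__ == "__main__":
    print("vulnerable:", render_vulnerable(POC_LOGFILE))
    print("hardened:  ", render_hardened(POC_LOGFILE))
    print("encoded:   ", encode_only(POC_LOGFILE))
```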


© 2022 Packet Storm. All rights reserved.