S21SEC-038-en.txt
Posted Oct 18, 2007
Authored by Juan de la Fuente Costa, Pablo Seijo Cajaraville | Site s21sec.com

S21sec has discovered a vulnerability in Alcatel Omnivista 4760 that allows injection of JavaScript code in text variables.

tags | exploit, javascript
SHA-256 | 6f7f01205b0f297adb9952ea0f556e8783078824cb75a59cf72ff44c90f8079c

##############################################################
- S21Sec Advisory -
##############################################################

Title: Alcatel Omnivista 4760 Cross-Site Scripting
ID: S21SEC-038-en
Severity: Medium
History: 10.Jun.2007 Vulnerability discovered
         20.Jun.2007 Vendor contacted
         19.Oct.2007 Advisory released
Authors: Juan de la Fuente Costa (jfuente@s21sec.com)
         Pablo Seijo Cajaraville (pseijo@s21sec.com)
URL: http://www.s21sec.com/avisos/s21sec-038-en.txt
Release: Public

[ SUMMARY ]

Alcatel-Lucent OmniVista 4760 is an innovative, modular platform that
provides a suite of network management applications.
This powerful Java-based tool, accessed through a Web browser,
provides centralized management for the OmniPCX Enterprise.

The platform's open architecture enables today's IT managers and
administrators to effectively monitor and maintain the
network, while lowering the company's total cost of ownership. This
suite of network management applications includes:

* LDAP Directory
* Configuration
* Accounting/Performance Management
* Alarm Notification
* Network Topology


[ AFFECTED VERSIONS ]

This vulnerability has been tested in Alcatel Omnivista 4760.


[ DESCRIPTION ]

S21sec has discovered a vulnerability in Alcatel Omnivista 4760 that
allows injection of JavaScript code through text parameters that the
application reflects into its pages without encoding them. The injected
code is executed in the browser of the user who opens the crafted link
(reflected cross-site scripting).

The identified parameters are "action" and "Langue".

Parameter: action

URL: http://www.somesite.com/php-bin/Webclient.php?action=<script>alert("xss")</script>

Parameter: Langue

URL: http://www.somesite.com/?Langue="><script>alert("xss")</script><";
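As an added, defender-side illustration that is not part of the S21Sec advisory and not OmniVista's own code: the script below takes the two proof-of-concept payloads quoted above and shows (a) why verbatim reflection of the "action" parameter (HTML body context) and the "Langue" parameter (quoted-attribute context, which the `">` prefix of that payload breaks out of) yields executable markup, while HTML-encoding the value with quotes included neutralises both, and (b) a small check over constructed web-server log lines that flags URL-encoded requests carrying such payloads. The page templates, log lines and function names are assumptions made for the example.

```python
import html
import re
from urllib.parse import unquote_plus

# Payloads copied from the advisory's two proof-of-concept URLs (the "action" and
# "Langue" parameters). Everything else in this file is constructed for the example.
ACTION_PAYLOAD = '<script>alert("xss")</script>'
LANGUE_PAYLOAD = '"><script>alert("xss")</script><";'

# Hypothetical page fragments standing in for the places where the application
# reflects the two parameters: one in an HTML body context, one inside a quoted
# attribute. These are assumptions, not the product's real templates.
BODY_TEMPLATE = "<p>Unknown action: {v}</p>"
ATTR_TEMPLATE = '<input type="hidden" name="Langue" value="{v}">'


def render_unsafe(template: str, value: str) -> str:
    """Reflect the parameter verbatim: the defect class the advisory describes."""
    return template.replace("{v}", value)


def render_safe(template: str, value: str) -> str:
    """Reflect the parameter HTML-encoded. quote=True also encodes ' and ", so the
    same encoder is safe for both the body context and the quoted-attribute context."""
    return template.replace("{v}", html.escape(value, quote=True))


def has_script_tag(markup: str) -> bool:
    """True if a raw <script ...> tag is present in the rendered markup."""
    return re.search(r"<script\b", markup, re.IGNORECASE) is not None


def attribute_intact(template: str, rendered: str) -> bool:
    """True if the reflected value added no raw double quotes, i.e. it could not
    have closed the attribute it was placed in."""
    return rendered.count('"') == template.count('"')


# --- Detection over constructed web-server log lines --------------------------
# Markers for the most common reflected-XSS carriers: a script tag, a javascript:
# URL, or an inline event-handler attribute.
XSS_MARKERS = re.compile(r"<\s*script\b|javascript\s*:|\bon\w+\s*=", re.IGNORECASE)

# Constructed access-log sample; lines 2 and 3 carry the advisory's payloads URL-encoded.
SAMPLE_LOG = """\
10.0.0.5 - - [18/Oct/2007:10:00:01 +0200] "GET /php-bin/Webclient.php?action=login HTTP/1.1" 200 512
10.0.0.9 - - [18/Oct/2007:10:00:07 +0200] "GET /php-bin/Webclient.php?action=%3Cscript%3Ealert(%22xss%22)%3C/script%3E HTTP/1.1" 200 498
10.0.0.9 - - [18/Oct/2007:10:00:09 +0200] "GET /?Langue=%22%3E%3Cscript%3Ealert(%22xss%22)%3C/script%3E%3C%22%3B HTTP/1.1" 200 301
10.0.0.7 - - [18/Oct/2007:10:00:12 +0200] "GET /?Langue=en HTTP/1.1" 200 301
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')


def suspicious_requests(log_text: str) -> list:
    """Return the request paths whose URL-decoded query string carries XSS markers."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        path = m.group(1)
        query = path.partition("?")[2]
        # Decode before matching so %3Cscript%3E is seen as <script>.
        if query and XSS_MARKERS.search(unquote_plus(query)):
            hits.append(path)
    return hits


if __name__ == "__main__":
    print("unsafe body  :", render_unsafe(BODY_TEMPLATE, ACTION_PAYLOAD))
    print("safe body    :", render_safe(BODY_TEMPLATE, ACTION_PAYLOAD))
    print("unsafe attr  :", render_unsafe(ATTR_TEMPLATE, LANGUE_PAYLOAD))
    print("safe attr    :", render_safe(ATTR_TEMPLATE, LANGUE_PAYLOAD))
    for path in suspicious_requests(SAMPLE_LOG):
        print("suspicious   :", path)
```

The encoding step is the fix that matters: the same `html.escape(value, quote=True)` call is enough for both reflection points shown here because it neutralises `<`, `>` and both quote characters; an encoder that leaves quotes alone would stop the "action" case but not the attribute break-out in the "Langue" case. The log check is deliberately coarse (it will also flag legitimate parameters that happen to contain these markers) and is meant as a triage filter, not a blocking rule.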


[ WORKAROUND ]

Alcatel-Lucent has released a patch to address this vulnerability.
More info at:
http://www1.alcatel-lucent.com/psirt/statements/2007003/4760xss.htm

[ ACKNOWLEDGMENTS ]

This vulnerability has been discovered and researched by:

- Juan de la Fuente Costa <jfuente@s21sec.com> S21Sec
- Pablo Seijo Cajaraville <pseijo@s21sec.com> S21Sec

With special thanks to:

- Miguel Angel Aguilar Bermejo


[ REFERENCES ]

* S21Sec
http://www.s21sec.com
http://blog.s21sec.com