exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

APC Switched Rack PDU Cross Site Scripting

APC Switched Rack PDU Cross Site Scripting
Posted Dec 15, 2009
Authored by Jamal Pecou

The APC Switched Rack PDU suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | c74663b043ce34b6f04fd6951f69dcbf99633d632f0599e026cd1f0bc29a903c

APC Switched Rack PDU Cross Site Scripting

Change Mirror Download
###########################################

#APC Switched Rack PDU XSS Vulnerability#
#By Jamal Pecou #
#jpecou (at) gmail (dot) c0m. #

###############Product Info#################

#Product Info(Tested Versions)#
Model = AP7932
Harware Revision = B2

#Application Module#
Name = rpdu
Version = v3.3.3(Tested First)
Version = 3.7.0(Current)

#APC OS (AOS)
Name = aos
Version = v3.3.4

###############Vulnerability################

XSS Vulnerability:

The APC Switch RACK PDU web administration login page is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input.

The script "login1" located in the Forms directory fails to properly sanitize user input data in the login_username field

####################PoC#####################

Proof-of-Concept

http://<PDU IP>/Forms/login1?login_username=<ScRiPt>alert('hello');</ScRiPt>


################Additional#################

Jun 17th 2009 - Vulnerability Discovered

Jun 18th 2009 - Contacted Vendor

Jun 21st 2009 - APC Creates a ticket and enters finding into bug tracking database.

Dec 14th 2009 - APC, no patches released.

###########################################
Login or Register to add favorites

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    25 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close