accept no compromises

Nikiara Fraud Management System Cross Site Scripting

Nikiara Fraud Management System Cross Site Scripting
Posted Feb 12, 2010
Authored by thebluegenius

The Nikiara Fraud Management System suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 033c2c402d541000c05d6e6f2eca477f

Nikiara Fraud Management System Cross Site Scripting

Change Mirror Download
--------------------------------------------------------------------
# Exploit Title: Nikiara Fraud Management System XSS Vulnerability
# Date: 10 Feb 2010
# Author: thebluegenius
# Software Link: http://www.subexworld.com/fraud-management.html
# Version: All
# Tested on: Unix | Apache 2.2.4
# CVE : NA

---------------------------------------------------
"Nikara Fraud Management System" XSS vulnerability.
---------------------------------------------------
By :Thebluegenius.
Email :rajsm@isac.org.in
Blog :thebluegenius.com.
---------------------------------------------------

Description:

Nikira Fraud Management System is the next generation fraud management solution built to deliver on a 3-step philosophy of Detect-Investigate-Protect. Nikira detects known fraud types and patterns of unusual behaviour, helps investigate these unusual patterns for potential fraud, and uses the knowledge, thus generated, to upgrade and protect against future intrusions.

The vulnerability lies at client login page. Presently this product is deployed at over 90% of Telecom companies across the world.

------------------
Vulnerability: XSS
------------------

you can execute XSS as given below:

http://IPaddress:port/login/prompt?message=%3Cscript%3Ealert%28%27Reflected%20XSS%27%29%3C/script%3E

-----------------------------------------------------
Greetz Fly Out to:
1] Amforked() : My good friend
2] Aodrulez : for inspiring me
3] www.OrchidSeven.com
4] www.isac.org.in

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    2 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close