Packeteer Products File Listing XSS

看板Bugtraq作者nnposter.時間18年前 (2008/02/26 02:06)推噓0(0推 0噓 0→)

留言0則, 0人參與討論串1/1

Packeteer Products File Listing XSS Product: Packeteer PacketShaper http://www.packeteer.com/products/packetshaper/ Packeteer PolicyCenter http://www.packeteer.com/products/packetshaper/policycenter.cfm The web management interface of several Packeteer products contains a cross-site scripting vulnerability in the file listing function. Parameter FILELIST, specified in an arbitrary page request, is not sufficiently sanitized before it gets embedded in the HTML output of the Error Report page. (The parameter value is limited to 64 characters.) Example: https://(target)/whatever.htm?FILELIST=%3C/script%3E%3Cbody+onLoad=alert(%26quot%3BXSS%26quot%3B)%3E%3Cscript%3E The vulnerability has been identified in version 8.2.2. However, other versions may be also affected. Solution: Do not stay logged into the Packeteer web management interface while browsing other web sites. Found by: nnposter

‣ 返回看板[ Bugtraq ] 臭蟲

‣ 更多 nnposter. 的文章

文章代碼(AID): #17mmEP00 (Bugtraq)