Bugtraq mailing list archives
Re[2]: [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability
From: "Vladimir '3APA3A' Dubrovin" <3APA3A () SECURITY NNOV RU>
Date: Fri, 27 Feb 2009 09:38:20 +0300
Dear Ansgar Wiechers, --Friday, February 27, 2009, 12:15:50 AM, you wrote to bugtraq () securityfocus com:
Just wonder: how can firewall to protect against XSS/response splitting?
AW> You don't give the bad guys access to your UPS's web interface? In case of non-persistant XSS, form redirection or response splitting it's YOU are the bad guy who accesses UPS's web interface and another bad guy can shutdown your UPS by forcing your browser to send required request to UPS. -- Skype: Vladimir.Dubrovin ~/ZARAZA http://securityvulns.com/
Current thread:
- [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability Digital Security Research Group (Feb 26)
- Re: [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability Vladimir '3APA3A' Dubrovin (Feb 26)
- Re: [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability Ansgar Wiechers (Feb 26)
- Re[2]: [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability Vladimir '3APA3A' Dubrovin (Feb 27)
- Re[2]: [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability Alexandr Polyakov (Feb 27)
- Re: [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability Ansgar Wiechers (Feb 26)
- Re: [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability Vladimir '3APA3A' Dubrovin (Feb 26)