Full Disclosure mailing list archives
Re: Persistent XSS and CSRF on network appliance [subject corrected :) ]
From: "Joey Mengele" <joey.mengele () hushmail com>
Date: Wed, 27 Jun 2007 16:38:05 -0400
Due to your extreme uncooperativeness, I will be attempting to brute force the contents of this advisory in the meantime. Thank you. J On Wed, 27 Jun 2007 16:29:43 -0400 pagvac <unknown.pentester () gmail com> wrote:
The file "research.txt" will be provided once the vendor fixes the issues. At that point anyone can check that the hash matches the one included in this post. Thank you. Joey Mengele wrote:Please provide the original content of research.txt so I canverifythat the hash is correct. I will also need the hash of your md5sum.exe. Thanks. J On Wed, 27 Jun 2007 16:02:16 -0400 pagvac <unknown.pentester () gmail com> wrote:The HTTP interface of a network appliance has been researchedandfound to be vulnerable to several persistent XSS and CSRF. Such research was done by pdp (architect) and myself. Weinformedthe vendor and will publish the details when a fix is available. The following is the MD5 hash for the advisory file. $ md5sum.exe research.txt 3db1d71fc3a0eae119617b3b1124206f *research.txt Regards, -- pagvac [http://gnucitizen.org, http://ikwt.com/]-- Click here for to find products that will help grow your smallbusiness.http://tagline.hushmail.com/fc/Ioyw6h4eDJc9UN71zvlsGp4ZGBzvqUZDr59L zooSm6N56gZuYA97Kt/-- pagvac [http://gnucitizen.org, http://ikwt.com/]
-- Click for a free comparison on healthcare coverage and save 100's http://tagline.hushmail.com/fc/Ioyw6h4d8cVJ5gmPcrhhqnHljcbEdlY2ctongGZQzI70rVknLc19WY/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Persistent XSS and CSRF on network appliance [subject corrected :) ] Joey Mengele (Jun 27)
- <Possible follow-ups>
- Re: Persistent XSS and CSRF on network appliance [subject corrected :) ] Joey Mengele (Jun 27)
- Re: Persistent XSS and CSRF on network appliance [subject corrected :) ] Joey Mengele (Jun 27)
- Re: Persistent XSS and CSRF on network appliance [subject corrected :) ] pagvac (Jun 27)
- Re: Persistent XSS and CSRF on network appliance [subject corrected :) ] pagvac (Jun 27)
- Re: Persistent XSS and CSRF on network appliance [subject corrected :) ] Dr. Neal Krawetz PhD (Jun 27)
- Message not available
- Re: Persistent XSS and CSRF on network appliance [subject corrected :) ] Dr. Neal Krawetz PhD (Jun 27)
- Re: Persistent XSS and CSRF on network appliance [subject corrected :) ] coderman (Jun 27)