Login| Registreer
Onthoud mij?

Likes

Likes: 0

Resultaten 1 tot 1 van de 1

Onderwerp Gereedschap
Toon
- Lineaire Modus
- Schakel over naar Hybride Modus
- Schakel over naar Onderwerp Modus

Geen

Onderwerp: Packeteer Products File Listing XSS

#1

nnposter@disclosed.not 25/02/08 19:15

Gast
n/a Berichten
Berichten zijn liked

Thread Starter

Packeteer Products File Listing XSS

Packeteer Products File Listing XSS

Product:

Packeteer PacketShaper
http://www.packeteer.com/products/packetshaper/

Packeteer PolicyCenter
http://www.packeteer.com/products/pa...licycenter.cfm

The web management interface of several Packeteer products contains a cross-site scripting vulnerability in the file listing function. Parameter FILELIST, specified in an arbitrary page request, is not sufficiently sanitized before it gets embedded in the HTML output of the Error Report page. (The parameter value is limited to 64 characters.)

Example:
https://(target)/whatever.htm?FILELI...3E%3Cscript%3E

The vulnerability has been identified in version 8.2.2. However, other versions may be also affected.

Solution:
Do not stay logged into the Packeteer web management interface while browsing other web sites.

Found by:
nnposter

Quote

Snelle Navigatie Bugtraq mailing lijst Top

« Vorig Onderwerp | Volgend Onderwerp »

Webhostingtalk.nl

Link met ons

Partners

Contact

Rokin 113-115
1012 KP, Amsterdam
Nederland
Contact

© Copyright 2001-2021 Webhostingtalk.nl.

Alle tijden zijn GMT +2.
Het is nu 22:31.