Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Packeteer Products File Listing XSS
From: nnposter () disclosed not
Date: 24 Feb 2008 21:48:43 -0000
Packeteer Products File Listing XSS


Product:

Packeteer PacketShaper
http://www.packeteer.com/products/packetshaper/

Packeteer PolicyCenter
http://www.packeteer.com/products/packetshaper/policycenter.cfm


The web management interface of several Packeteer products contains a cross-site scripting vulnerability in the file 
listing function. Parameter FILELIST, specified in an arbitrary page request, is not sufficiently sanitized before it 
gets embedded in the HTML output of the Error Report page. (The parameter value is limited to 64 characters.)

Example:
https://(target)/whatever.htm?FILELIST=%3C/script%3E%3Cbody+onLoad=alert(%26quot%3BXSS%26quot%3B)%3E%3Cscript%3E


The vulnerability has been identified in version 8.2.2. However, other versions may be also affected.


Solution:
Do not stay logged into the Packeteer web management interface while browsing other web sites.


Found by:
nnposter

  By Date           By Thread  

Current thread:
  • Packeteer Products File Listing XSS nnposter (Feb 25)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]