Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Persistent XSS and CSRF on network appliance [subject corrected :) ]
From: "Joey Mengele" <joey.mengele () hushmail com>
Date: Wed, 27 Jun 2007 16:38:05 -0400

Due to your extreme uncooperativeness, I will be attempting to
brute force the contents of this advisory in the meantime. Thank
you.

J

On Wed, 27 Jun 2007 16:29:43 -0400 pagvac 
<unknown.pentester () gmail com> wrote:
The file "research.txt" will be provided once the vendor fixes the
issues. At that point anyone can check that the hash matches the 
one
included in this post.

Thank you.

Joey Mengele wrote:
Please provide the original content of research.txt so I can 
verify
that the hash is correct. I will also need the hash of your
md5sum.exe. Thanks.

J

On Wed, 27 Jun 2007 16:02:16 -0400 pagvac
<unknown.pentester () gmail com> wrote:
The HTTP interface of a network appliance has been researched 
and
found to be vulnerable to several persistent XSS and CSRF.

Such research was done by pdp (architect) and myself. We 
informed
the
vendor and will publish the details when a fix is available.

The following is the MD5 hash for the advisory file.

$ md5sum.exe research.txt
3db1d71fc3a0eae119617b3b1124206f  *research.txt

Regards,

--
pagvac
[http://gnucitizen.org, http://ikwt.com/]

--
Click here for to find products that will help grow your small 
business.

http://tagline.hushmail.com/fc/Ioyw6h4eDJc9UN71zvlsGp4ZGBzvqUZDr59L
zooSm6N56gZuYA97Kt/




--
pagvac
[http://gnucitizen.org, http://ikwt.com/]

--
Click for a free comparison on healthcare coverage and save 100's 
http://tagline.hushmail.com/fc/Ioyw6h4d8cVJ5gmPcrhhqnHljcbEdlY2ctongGZQzI70rVknLc19WY/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]