AOH :: HP Unsorted T :: BX3294.HTM

TML injection on F5 FirePass 4100 SSL VPN 'my.logon.php3' server-side script XSS



PR07-15: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN 'my.logon.php3' server-side script
PR07-15: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN 'my.logon.php3' server-side script



Update:

To exploit this in both firefox and IE requires an extra char ("=") in the end.


Using the same PoC URL we get:

https://target.tld/my.logon.php3?">

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.