Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: Apps :: b06-1820.htm

XSS Bug in OpenGear Server Website



XSS Bug in OpenGear Server Website
XSS Bug in OpenGear Server Website



0x0*] Advisory 
=============
Web Penetrated By:- Aditya@Metaeye.Org 
======================================Hit			:- Site Manipulation.
===Vulnerability	:- XSS Injection && CSS Injection OpenGear WebSite
=============BrowserStatus	:- Windows IE 6.0
=============
Injections	:-
==========	   0x01] ' && ""
		   0x02] 
		   0x03] 

Penetrated

0x04] ZeroKnock="www.zeroknock.cjb.net">ZeroKnock 0x05] '';!--"=&{()} 0x06] ' 0x07] ' Result:-Opengear.com with alert injection. =09 0x01] document.domain Injection Yields --> Opengear.com 0x02] document.cookie Injection Yields --> Empty string 0x03] Remote Linking Is Possible Working. 0x04] The OutBound Attack Is Also Definitive. Site :- http://www.Opengear.com ======= Vulnerable Link: ================ http://www.opengear.com/cm4000_nwcontact.html Explanation :- ============ =09 [+] Poorly Coded Modules. [+] No Patch For Ignorance. ========================================================= =09


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH