PR07-29: Two XSS on Blue Coat ProxySG Management Console
Vulnerability found: 23 July 2007
Vendor informed: 20 August 2007
Vulnerability fixed: 29 October 2007
Advisory publicly released: 1 November 2007
Blue Coat SG400 is vulnerable to a couple of XSS holes.
Vulnerable server-side script / unfiltered parameter: '/Secure/Local/console/install_upload_action/crl_format' / 'name'
Vulnerable server-side script / unfiltered parameter: '/Secure/Local/console/install_upload_from_file.htm' / 'file'
Successfully tested on:
Model: Blue Coat SG400
Software SGOS 184.108.40.206
Software Release ID: 25173
Proof of concept #1:
Proof of concept #2: