TUCoPS :: Web :: Apps :: b06-1820.htm

XSS Bug in OpenGear Server Website
XSS Bug in OpenGear Server Website
XSS Bug in OpenGear Server Website


0x0*] Advisory 
=============
Web Penetrated By:- Aditya@Metaeye.Org 
======================================Hit			:- Site Manipulation.
===Vulnerability	:- XSS Injection && CSS Injection OpenGear WebSite
=============BrowserStatus	:- Windows IE 6.0
=============
Injections	:-
==========	   0x01] ' && ""
		   0x02] 
		   0x03] 
Penetrated

0x04] ZeroKnock="www.zeroknock.cjb.net">ZeroKnock 
		   0x05] '';!--"=&{()}
		   0x06] '
		   0x07]  '
			  

				Result:-Opengear.com with alert injection.
		=09
		   0x01] document.domain Injection Yields --> Opengear.com
		   0x02] document.cookie Injection Yields --> Empty string
		   0x03] Remote Linking Is Possible  Working.
		   0x04] The OutBound Attack Is Also Definitive.

Site		:- http://www.Opengear.com 
=======	   
Vulnerable Link:
================ http://www.opengear.com/cm4000_nwcontact.html 


Explanation     :- 
============	=09
[+] Poorly Coded Modules.
[+] No Patch For Ignorance.

		=========================================================	=09

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH