Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

APC Network Management Card - Cross-Site Request Forgery / Cross-Site Scripting

Related Vulnerabilities: CVE-2009-1798  
Publish Date: 15 Dec 2009
Author: Jamal Pecou
Source / Download Exploit 
                							

                source: http://www.securityfocus.com/bid/37338/info


The APC Network Management Card is prone to multiple cross-site request-forgery and cross-site scripting vulnerabilities.

An attacker can exploit the cross-site request forgery issues to alter the settings on affected devices, which may lead to further network-based attacks.

The attacker can exploit the cross-site scripting issues to execute arbitrary script code in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials. Other attacks are also possible.

Versions prior to the following are vulnerable:

Network Management Card Firmware 3.7.2
Network Management Card Firmware 5.1.1

http://www.example.com/Forms/login1?login_username=<ScRiPt>alert('hello');</ScRiPt>

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started