########################################### #APC Switched Rack PDU XSS Vulnerability# #By Jamal Pecou # #jpecou (at) gmail (dot) c0m. # ###############Product Info################# #Product Info(Tested Versions)# Model = AP7932 Harware Revision = B2 #Application Module# Name = rpdu Version = v3.3.3(Tested First) Version = 3.7.0(Current) #APC OS (AOS) Name = aos Version = v3.3.4 ###############Vulnerability################ XSS Vulnerability: The APC Switch RACK PDU web administration login page is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. The script "login1" located in the Forms directory fails to properly sanitize user input data in the login_username field ####################PoC##################### Proof-of-Concept http://<PDU IP>/Forms/login1?login_username=<ScRiPt>alert('hello');</ScRiPt> ################Additional################# Jun 17th 2009 - Vulnerability Discovered Jun 18th 2009 - Contacted Vendor Jun 21st 2009 - APC Creates a ticket and enters finding into bug tracking database. Dec 14th 2009 - APC, no patches released. ###########################################