Astaro Security Linux 5 Cross Site Scripting

Type packetstorm
Reporter Vincent Hautot
Modified 2010-03-23T00:00:00


Program : Astaro Security Linux v5  
PoC : XSS  
Homepage :  
Found by : Vincent Hautot  
Contact : v.hautot () sysdream com  
//----- Application description  
Astaro Security Linux is a complete network security solution that  
protects organizations against a wide range of threats to security  
and productivity.  
//----- Description of vulnerability  
This XSS was found on the index.fpl page, in the login form. Using this flaw  
it is possible to execute JavaScript code.  
Posting using multipart/form-data does not work; use this data instead:  
username=my@fucking.mail&password=DTC&SID=>"><script>alert("XSS !!!")</script>  
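
The reflection described above, next to a corrected form, as an added example that is not part of the original advisory or of Astaro's code. It assumes the login page echoes SID into a hidden form field and that a valid SID is a short alphanumeric token; the page shows neither the markup nor the token format.

```python
import html
import re
from urllib.parse import parse_qs

# Request body quoted in the advisory (application/x-www-form-urlencoded).
ADVISORY_BODY = 'username=my@fucking.mail&password=DTC&SID=>"><script>alert("XSS !!!")</script>'

# Assumption: session IDs are 1-64 alphanumeric characters (format not on the page).
SID_FORMAT = re.compile(r"[A-Za-z0-9]{1,64}")


def parse_sid(body: str) -> str:
    """Extract the SID field from a urlencoded login POST body."""
    return parse_qs(body, keep_blank_values=True).get("SID", [""])[0]


def render_vulnerable(sid: str) -> str:
    """Flawed pattern: the request value is copied verbatim into an attribute."""
    return f'<input type="hidden" name="SID" value="{sid}">'


def encode_attr(value: str) -> str:
    """HTML-encode a value for use inside a double-quoted attribute."""
    return html.escape(value, quote=True)


def render_hardened(sid: str) -> str:
    """Reject anything that is not a well-formed SID, then encode on output."""
    if not SID_FORMAT.fullmatch(sid):
        sid = ""  # treat as "no session" instead of echoing request data
    return f'<input type="hidden" name="SID" value="{encode_attr(sid)}">'


if __name__ == "__main__":
    sid = parse_sid(ADVISORY_BODY)
    print("vulnerable:", render_vulnerable(sid))
    print("encoded   :", encode_attr(sid))
    print("hardened  :", render_hardened(sid))
```

Output encoding alone already neutralises the quoted value; the allow-list check additionally keeps malformed session IDs out of logs and downstream code.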
//----- Credits