lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1314701157.21644.YahooMailRC@web95705.mail.in.yahoo.com>
Date: Tue, 30 Aug 2011 16:15:57 +0530 (IST)
From: sk <sk10_0@...oo.com>
To: bugtraq@...urityfocus.com
Subject: XSS in IBM Open Admin Tool

“XSS in IBM Open Admin Tool (OAT_2.27_install_windows.exe)”

Product version tested :  OAT v2.27

Vendore has been informed : July 27, 2010

They fix the vulnerability on : March 2011

Fixed version: OAT v2.72

Credit : sumit kumar soni (ssummit@...il.com)

Product Link: 
 https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=swg-informixfpd&lang=en_US&S_PKG=dl&cp=UTF-8



Tested on windows XP

Open Admin tool For IDS  Cross Site Scripting Vulnerability

OpenAdmin Tool is a PHP-based Web browser administration tool for managing one 
or more Informix Dynamic Servers. The OpenAdmin Tool for IDS provides the 
ability to monitor and administer multiple database IDS server instances from a 
single location.

There is a  XSS vulnerability exist in its index page for parameter named 
informixserver , host & port.

POC:

http://server:8080/openadmin/index.php?act=login&do=dologin&login_admin=Login&groups=1&grouppass=&informixserver=

&host= &port= &username= &userpass= &idsprotocol=onsoctcp&conn_num

 

Regards

Sumit Kumar Soni

ssummit@...il.com
http://voidroot.blogspot.com/2011/08/xss-in-ibm-open-admin-tool.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ