| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 30 Aug 2011 16:15:57 +0530 (IST) From: sk <sk10_0@...oo.com> To: bugtraq@...urityfocus.com Subject: XSS in IBM Open Admin Tool “XSS in IBM Open Admin Tool (OAT_2.27_install_windows.exe)” Product version tested : OAT v2.27 Vendore has been informed : July 27, 2010 They fix the vulnerability on : March 2011 Fixed version: OAT v2.72 Credit : sumit kumar soni (ssummit@...il.com) Product Link: https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=swg-informixfpd&lang=en_US&S_PKG=dl&cp=UTF-8 Tested on windows XP Open Admin tool For IDS Cross Site Scripting Vulnerability OpenAdmin Tool is a PHP-based Web browser administration tool for managing one or more Informix Dynamic Servers. The OpenAdmin Tool for IDS provides the ability to monitor and administer multiple database IDS server instances from a single location. There is a XSS vulnerability exist in its index page for parameter named informixserver , host & port. POC: http://server:8080/openadmin/index.php?act=login&do=dologin&login_admin=Login&groups=1&grouppass=&informixserver= &host= &port= &username= &userpass= &idsprotocol=onsoctcp&conn_num Regards Sumit Kumar Soni ssummit@...il.com http://voidroot.blogspot.com/2011/08/xss-in-ibm-open-admin-tool.html
Powered by blists - more mailing lists