0day.today - Biggest Exploit Database in the World.

Select your language:

Things you should know about 0day.today:

We use one main domain: http://0day.today
Most of the materials is completely FREE
If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD

We accept currencies: [contact admin to find more]

We don't want you to use our site as a tool for hacking purposes, so any kind of action that could affect illegaly other users or websites that you don't have right to access will be banned and your account including your data will be destroyed.

Administration of this site uses the official contacts. Beware of impostors!

We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!

I am registered user of 0day.today. I don't want to see this screen in future.

What to do first?

Read the [ agreement ]
Read the [ Submit ] rules
Visit the [ faq ] page
[ Register ] profile
Get [ GOLD ]
If you want to [ sell ]
If you want to [ buy ]
If you lost [ Account ]
Any questions [ admin@0day.today ]

Main links

You can contact us by

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

[ authorization ] [ registration ] [ restore account ]

You can contact us by:

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

Portwise SSL VPN v4.6 Xss Vulnerabilities

Author

Jan Fry

Risk

[

Security Risk Unsored

]

0day-ID

0day-ID-10974

Category

web applications

Date add

18-02-2010

Platform

unsorted

=========================================
Portwise SSL VPN v4.6 Xss Vulnerabilities
=========================================

PR09-04: Cross-Site Scriting on Portwise SSL VPN v4.6

Vulnerability found: 25th March 2009

Vendor informed: 28th April 2009

Vulnerability fixed:

Severity: Medium

Description:

The Portwise portal login page is vulnerable to XSS. Portwise is a
SSL-VPN portal.


Note: Other version might be affected as well


The following demonstrate XSS:

1) Login page XSS

https://example.com/wa/auth?&authmech=Assess&reloadFrame=%22;%3Cscript%3Eblah%3C/script%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E



Consequences:

An attacker may be able to cause execution of malicious scripting code
in the browser of a user who clicks on a link to a Portwise Portal-based
site. Such

code would run within the security context of the target domain. This
type of attack can result in non-persistent defacement of the target
site, or the

redirection of confidential information (i.e.: session IDs) to
unauthorised third parties.



Fix:

Ensure all input parameters (especially "reloadFrame") are filtered
sufficiently before beign echoed back to the client.


References:

http://www.procheckup.com/Vulnerabilities.php



Credits: George Christopoulos and Jan Fry of ProCheckUp Ltd
(www.procheckup.com)


Legal:

Copyright 2009 Procheckup Ltd. All rights reserved.

Permission is granted for copying and circulating this Bulletin to the
Internet community for the purpose of alerting them to problems, if and
only if, the

Bulletin is not edited or changed in any way, is attributed to
Procheckup, and provided such reproduction and/or distribution is
performed for non-

commercial purposes.

Any other use of this information is prohibited. Procheckup is not
liable for any misuse of this information by any third party.



#  0day.today [2024-11-15]  #

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

Portwise SSL VPN v4.6 Xss Vulnerabilities

Report Error

Report Error