Re[2]: [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability
- From: "Vladimir '3APA3A' Dubrovin" <3APA3A@xxxxxxxxxxxxxxxx>
- Date: Fri, 27 Feb 2009 09:38:20 +0300
Dear Ansgar Wiechers,
--Friday, February 27, 2009, 12:15:50 AM, you wrote to bugtraq@xxxxxxxxxxxxxxxxx:
Just wondering: how can a firewall protect against XSS/response splitting?
AW> You don't give the bad guys access to your UPS's web interface?
In the case of non-persistent XSS, form redirection or response splitting,
it's YOU who are the bad guy who accesses the UPS's web interface, and another
bad guy can shut down your UPS by forcing your browser to send the required
request to the UPS.
--
Skype: Vladimir.Dubrovin
~/ZARAZA http://securityvulns.com/