Wednesday, January 29, 2014

AlgoSec Firewall Analyzer /BusinessFlow/login message Parameter Reflected XSS


AlgoSec Firewall Analyzer /BusinessFlow/login message Parameter Reflected XSS



lgoSec Firewall Analyzer Version v6.1-b86 cross-site scripting (XSS)
Vulnerability

================================================================================================================================================================

AlgoSec Firewall Analyzer Version v6.1-b86 cross-site
scripting (XSS) Vulnerability
================================================================================================================================================================


#Date- 7/8/2013

# code by Asheesh kumar Mani Tripathi

http://www.securityfocus.com/bid/61733


# Credit by Asheesh Anaconda



#Vulnerbility
AlgoSec Firewall Analyzer is prone to an cross-site scripting (XSS)
Vulnerability because the application fails to properly
sanitize user-supplied input

#Impact
A successful exploit could allow an attacker to compromise the application,
access or modify data, or exploit vulnerabilities

AlgoSec Firewall Analyzer /afa/php/Login.php URI Reflected XSS



AlgoSec Firewall Analyzer /afa/php/Login.php URI Reflected XSS

http://www.securityfocus.com/bid/61733


================================================================================================================================================================

AlgoSec Firewall Analyzer Version v6.4 cross-site scripting (XSS) Vulnerability
================================================================================================================================================================


#Date- 21/8/2013

# code by Asheesh kumar Mani Tripathi



# Credit by Asheesh Anaconda



#Vulnerbility
AlgoSec Firewall Analyzer is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

#Impact
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities


ManageEngine EventLog Analyzer event/j_security_check j_username Parameter Reflected XSS

ManageEngine EventLog Analyzer event/j_security_check j_username Parameter Reflected XSS
================================================================================================================================================================

ManageEngine EventLog Analyzer 8.6 cross-site scripting (XSS) Vulnerability
================================================================================================================================================================


#Date- 12/12/2013

# code by Asheesh kumar Mani Tripathi

http://www.osvdb.org/show/osvdb/102270
http://www.osvdb.org/show/osvdb/102270



# Credit by Asheesh Anaconda



#Vulnerbility
ManageEngine EventLog Analyzer 8.6 is prone to an cross-site scripting (XSS) Vulnerability because the application fails to properly
sanitize user-supplied input

#Impact
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities

Wednesday, August 21, 2013

McAfee® Vulnerability Manager 7.5 cross-site scripting (XSS) Vulnerability

http://www.securityfocus.com/bid/58401/info

http://www.tenable.com/plugins/index.php?view=single&id=65738
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5094


#Date- 8/3/2013

# code by Asheesh kumar Mani Tripathi



# Credit by Asheesh Anaconda



#Vulnerbility
McAfee® Vulnerability Manager 7.5 is prone to an cross-site scripting (XSS) Vulnerability because the application fails to properly
sanitize user-supplied input

#Impact
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities


========================================================================================================================

Request
========================================================================================================================


GET /index.exp HTTP/1.1
Cookie: identity=p805oa53c0dab5vpcv1da30me7; cert_cn=%27%22%28%29%26%251%3CScRiPt %3Eprompt%28920847%29%3C%2FScRiPt%3E; remember=remember
Host: 172.28.1.1
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept: */*

Sunday, March 10, 2013

SonicWALL Aventail 'CategoryID' Parameter SQL Injection Vulnerability

SonicWALL Aventail is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

Further research conducted by the vendor indicates this issue may not be a vulnerability affecting the application

Attackers can use a browser to exploit this issue.

The following example URI is available:

http://www.example.com/prodpage.cfm?CFID=&CFTOKEN=&CategoryID=[SQL]

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5262


Monday, July 30, 2012

Windows 7 - Unable to install any USB devices

Here's the solution for the ones who might have this problem:
This worked for me in Windows 7 Ultimate 64bit!
You must have all administrator privileges!

1- Open Windows Explorer

2- Go to C:/Windows/System32/DriverStore


You will have a couple of folders and files.
You will have *.dat files and other file named: infcache.1

3- Right click every file (dont touch the folders!) and choose properties.

4- go to security tab

5- click Edit

6- choose your account and check the box: full control (see ss)

7- Click ok.

8- Repeat to every file

9- Select all the files (*.dat and infcache.1)

10- Press shift+del

11- Press OK.

12- Now, go to C:Windows/System32/Driver Store/File Repository/

13- Search for folder named usbstor.inf

14- Open it (if you have more than one, choose the most recent)

15- Copy "usbstor.inf" and "usbstor.PNF"

16- Paste those two files to C:/Windows/inf

17- Reboot your pc and voilla! :b

Sunday, April 1, 2012

BT5 password for postgresql

root@bt:/opt/framework/config# cat database.yml production: adapter: postgresql database: msf3 username: msf3 password: eccd8310 host: 127.0.0.1 port: 7175 pool: 75 timeout: 5