Packeteer Products File Listing XSS
Packeteer Products File Listing XSS
Product:
Packeteer PacketShaper
http://www.packeteer.com/products/packetshaper/
Packeteer PolicyCenter
http://www.packeteer.com/products/packetshaper/policycenter.cfm
The web management interface of several Packeteer products contains a
cross-site scripting vulnerability in the file listing function. Parameter
FILELIST, specified in an arbitrary page request, is not sufficiently sanitized
before it gets embedded in the HTML output of the Error Report page. (The
parameter value is limited to 64 characters.)
Example:
https://(target)/whatever.htm?FILELIST=%3C/script%3E%3Cbody+onLoad=alert(%26quot%3BXSS%26quot%3B)%3E%3Cscript%3E
The vulnerability has been identified in version 8.2.2. However, other versions
may be also affected.
Solution:
Do not stay logged into the Packeteer web management interface while browsing
other web sites.
Found by:
nnposter