Packeteer Products File Listing XSS

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Packeteer Products File Listing XSS
From: nnposter@xxxxxxxxxxxxx
Date: 24 Feb 2008 21:48:43 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Packeteer Products File Listing XSS


Product:

Packeteer PacketShaper
http://www.packeteer.com/products/packetshaper/

Packeteer PolicyCenter
http://www.packeteer.com/products/packetshaper/policycenter.cfm


The web management interface of several Packeteer products contains a 
cross-site scripting vulnerability in the file listing function. Parameter 
FILELIST, specified in an arbitrary page request, is not sufficiently sanitized 
before it gets embedded in the HTML output of the Error Report page. (The 
parameter value is limited to 64 characters.)

Example:
https://(target)/whatever.htm?FILELIST=%3C/script%3E%3Cbody+onLoad=alert(%26quot%3BXSS%26quot%3B)%3E%3Cscript%3E


The vulnerability has been identified in version 8.2.2. However, other versions 
may be also affected.


Solution:
Do not stay logged into the Packeteer web management interface while browsing 
other web sites.


Found by:
nnposter

Prev by Date: [SECURITY] [DSA 1506-1] New iceape packages fix several vulnerabilities
Next by Date: [ GLSA 200802-10 ] Python: PCRE Integer overflow
Previous by thread: [SECURITY] [DSA 1506-1] New iceape packages fix several vulnerabilities
Next by thread: [ GLSA 200802-10 ] Python: PCRE Integer overflow
Index(es):
- Date
- Thread