Zeus Admin Server v4.1r2 index.fcgi XSS bug

From: euronymous (just-a-userat_private)
Date: Fri Nov 08 2002 - 11:39:24 PST

    =:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=
    topic: Zeus Admin Server v4.1r2 index.fcgi XSS bug
    product: Zeus Admin Server v4.1r2 for linux/x86
    vendor: http://www.zeus.co.uk
    risk: very low (authorisation required)
    date: 11/8/2k2
    discovered by: euronymous /F0KP /HACKRU Team
    advisory urls: http://f0kp.iplus.ru/bz/007.txt 
                   http://xakep.host.sk/bz/007.txt 
    =:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=
    	      
    description
    -----------
    in a default Zeus installation, you can access the
    management interface via http://hostname:9090. 
    
    [you have to enter correct login/password here]
    
    there is a general script that contains an xss bug. 
    btw, default management login is `admin'..
    
    sample attack
    -------------
    http://hostname:9090/apps/web/index.fcgi?servers=
    &section=<script>alert(document.cookie)</script>
    
    [it must be in a single string]
    
    shouts: HACKRU Team, DHG, Spoofed Packet, all russian security guyz 
    fuck_off: slavomira and other dirty ppl in *.kz
    
    ================
    im not a lame,
    not yet a hacker
    ================
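
Added example, not part of the original advisory and not Zeus code: a defender-side sketch that output-encodes the reflected `section` value and flags matching requests in an access log. The Common Log Format lines, the `status` section name and the allowlist pattern are assumptions constructed for illustration.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

ADMIN_PATH = "/apps/web/index.fcgi"  # script named in the advisory
# Assumption: legitimate section names are short alphanumeric tokens.
SAFE_SECTION = re.compile(r"[A-Za-z0-9_-]{0,64}")
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (Common Log Format is an assumption).
SAMPLE_LOG = [
    '192.0.2.10 - admin [08/Nov/2002:11:39:24 -0800] "GET /apps/web/index.fcgi'
    '?servers=&section=%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.0" 200 5120',
    '192.0.2.11 - admin [08/Nov/2002:11:40:02 -0800] "GET /apps/web/index.fcgi'
    '?servers=&section=status HTTP/1.0" 200 4096',
    '192.0.2.12 - - [08/Nov/2002:11:41:17 -0800] "GET /index.html'
    '?section=%3Cb%3E HTTP/1.0" 200 100',
]


def render_section(value):
    """Encode the parameter before echoing it into HTML (the fix)."""
    return html.escape(value, quote=True)


def suspicious_requests(log_lines):
    """Return (client, decoded section) for requests to the admin script
    whose section parameter falls outside the allowlist."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if url.path != ADMIN_PATH:
            continue
        # parse_qs percent-decodes, so encoded markup is caught as well.
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get("section", []):
            if not SAFE_SECTION.fullmatch(value):
                hits.append((line.split()[0], value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_requests(SAMPLE_LOG):
        print(client, "->", render_section(value))
```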
    


