SecurityReason.com - Our Reason is

Security

Register | Forget Password | Login
SecurityReason
IT News
Search
SecurityAlert Database
About SecurityAlert
ExploitAlert Database
SecurityReason Research
WLB
WLB Database
Send to WLB
About WLB
Services
Security Audit
Schedule
Prices of services
Contact
RSS
SecurityReason IT News
SecurityAlert
World Laboratory of Bugtraq
ExploitAlert
Apache
PHP
Corporate
Contact
About SecurityReason
Note

If you have found a vulnerability, please send to our SecurityAlert Database :
secalert()securityreason()com

Also if you have new ( 0-day ) exploit, please send to our ExploitAlert Archive :
exploit()securityreason()com
Home arrow SecurityAlert Database

Arrow  Topic :

APC 7932 b2 Switched Rack PDU XSS Vulnerability


Arrow  SecurityAlert : 6874
Arrow  CVE : CVE-2009-4406
Arrow  CWE : CWE-79
Arrow  SecurityRisk : Low  Security Risk Low  (About)
Arrow  Remote Exploit : Yes
Arrow  Local Exploit : No
Arrow  Victim interaction required : Yes
Arrow  Exploit Available : No
Arrow  Credit : jpecou
Arrow  Published : 26.12.2009

Arrow  Affected Hardware : apc:ap7932_b2

Arrow  Affected Software : apc:ap7932_b2_firmware:3.3.3
apc:ap7932_b2_firmware:3.7.0



Arrow  Advisory Content :  

###########################################

#APC Switched Rack PDU XSS Vulnerability#
#By Jamal Pecou #
#jpecou (at) gmail (dot) c0m. #

###############Product Info#################

#Product Info(Tested Versions)#
Model = AP7932
Harware Revision = B2

#Application Module#
Name = rpdu
Version = v3.3.3(Tested First)
Version = 3.7.0(Current)

#APC OS (AOS)
Name = aos
Version = v3.3.4

###############Vulnerability################

XSS Vulnerability:

The APC Switch RACK PDU web administration login page is prone to a
cross-site scripting vulnerability because the application fails to
sufficiently sanitize user-supplied input.

The script "login1" located in the Forms directory fails to properly
sanitize user input data in the login_username field

####################PoC#####################

Proof-of-Concept

http://<PDU
IP>/Forms/login1?login_username=<ScRiPt>alert('hello');</ScRiPt>

################Additional#################

Jun 17th 2009 - Vulnerability Discovered

Jun 18th 2009 - Contacted Vendor

Jun 21st 2009 - APC Creates a ticket and enters finding into bug tracking
database.

Dec 14th 2009 - APC, no patches released.

###########################################



Arrow  References :

http://xforce.iss.net/xforce/xfdb/54824
http://www.securitytracker.com/id?1023331
http://www.securityfocus.com/bid/37338
http://www.securityfocus.com/archive/1/archive/1/508468/100/0/threaded
http://www.packetstormsecurity.org/0912-exploits/apc-xss.txt




Arrow  Feedback :

If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.
Alert

libc/fnmatch(3) DoS

Security Risk Medium- 2011-05-13

Allow attacker to denial of service apache 2.2.17 server
Apache RSS Apache Alert

» Apache HTTP Server Denial
   of Service Vulnerability

» Multiple Vendors
   libc/fnmatch(3) DoS (incl
   apache poc)

» Apache Continuum
   cross-site scripting
   vulnerability

» Apache Tomcat DoS
   Vulnerability
PHP RSS PHP Alert

» PHP Hashtables Denial of
   Service

» PHP 5.3.6 multiple null
   pointer dereference

» PHP 5.3.6 ZipArchive
   invalid use glob(3)

» libzip 0.9.3
   _zip_name_locate NULL
   Pointer Dereference (incl
   PHP 5.3.5)
ADT

Protect your family and valuables with Home Security Systems
Copyright © SecurityReason.com. All Rights Reserved.