exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

tripwire-xss.txt

tripwire-xss.txt
Posted Jan 30, 2008
Authored by Dave Lewis | Site liquidmatrix.org

Tripwire Enterprise/Server version 7.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 09af4065e6fcef87f65af8a2296db2d3e52911057956746f184867eb19febcec

tripwire-xss.txt

Change Mirror Download
Name: Tripwire Enterprise/Server XSS Vulnerability
Release Date: 29 January 2008
Reference: LSD001-2008
Discover: Dave Lewis
Vendor: Tripwire
Product: Tripwire Enterprise/Server Management Web Interface
Systems Affected: version 7.0 (as tested)
NB. Earlier versions are affected as well. Please upgrade.


Risk: Less Critical
Status: Published
Reference:
<a
href="http://www.liquidmatrix.org/blog/2007/12/10/advisory-tripwire-enterprise-xss-vulnerability/">http://www.liquidmatrix.org/blog/2007/12/10/advisory-tripwire...ility/</a>

Description

The Tripwire Enterprise/Server management login page contains a
vulnerability in the login page is susceptible to a cross site scripting
(XSS) attack.

Impact: a remote attacker could execute a XSS attack that could pass
arbitrary html to the user.

Technical Details

Input passed to the URL of the web management login page is not properly
sanitized before being returned to the user. This can be exploited to
execute arbitrary HTML and script code in a user's browser session in
context of an affected site.

Fix Information

This issue has been resolved.

The patch may be obtained by customers from:

http://www.tripwire.com (Patch 866 "te-7.0.0.866_patch.zip")


<b>Liquidmatrix Security Digest</b>
http://www.liquidmatrix.org/blog/

2255B Queen Street East
suite 156
Toronto, Ontario
Canada
M4E 1G3
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close