IBM Open Admin Tool version 2.27 suffers from a cross site scripting vulnerability.
f2cc34c4b72913dfa61524d267bd5a1e68c57f89aa2f8947621327db3274eec0“XSS in IBM Open Admin Tool (OAT_2.27_install_windows.exe)”
Product version tested : OAT v2.27
Vendore has been informed : July 27, 2010
They fix the vulnerability on : March 2011
Fixed version: OAT v2.72
Credit : sumit kumar soni (ssummit@gmail.com)
Product Link:
https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=swg-informixfpd&lang=en_US&S_PKG=dl&cp=UTF-8
Tested on windows XP
Open Admin tool For IDS Cross Site Scripting Vulnerability
OpenAdmin Tool is a PHP-based Web browser administration tool for managing one
or more Informix Dynamic Servers. The OpenAdmin Tool for IDS provides the
ability to monitor and administer multiple database IDS server instances from a
single location.
There is a XSS vulnerability exist in its index page for parameter named
informixserver , host & port.
POC:
https://server:8080/openadmin/index.php?act=login&do=dologin&login_admin=Login&groups=1&grouppass=&informixserver=
&host= &port= &username= &userpass= &idsprotocol=onsoctcp&conn_num
Regards
Sumit Kumar Soni
ssummit@gmail.com
https://voidroot.blogspot.com/2011/08/xss-in-ibm-open-admin-tool.html
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed