[Full-disclosure] iGuard Security Access Control System Webserver, Cross Site Scripting (XSS)
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] iGuard Security Access Control System Webserver, Cross Site Scripting (XSS)
- From: usman@xxxxxxxxx
- Date: Wed, 2 May 2012 04:58:58 -0400
Title
=====
iGuard Security Access Control System Webserver, Cross Site Scripting (XSS)
Author
======
Usman Saeed, Xc0re Security Research Group
Website : http://www.xc0re.net
Twitter : http://twitter.com/xc0resecurity
Blog : http://www.xc0re.net/blog
Published :
http://www.xc0re.net/index.php?p=1_25_iGuard-Biometrics-Access-Control-Webserver-XSS
Date
====
2nd May, 2012
Severity
========
Medium
Description
===========
iGuard Biometrics Access Control, also known as iGuard Security Access Control
System, has a Cross Site Scripting vulnerability in its embedded webserver,
iGuard Embedded Web Server/3.6.7427A.
Previous Vulnerability
======================
The previous vulnerability, discovered in 2011, was a cross-site scripting
issue in iGuard Biometrics Access Control caused by improper validation of
user-supplied input by the month, record and department modules.
Target iGuard System Specifications
===================================
Device Firmware Version : 3.6.7427A
Device WebServer : iGuard Embedded Web Server/3.6.7427A
Tested on
=========
Windows 7 Professional
Browser Used
=============
Mozilla Firefox 12.0
Vector
======
http://[Remote host]/></font><IFRAME SRC="JAVASCRIPT:alert('XSS Found by Usman
Saeed , Xc0re Security Research Group');">.asp
Copyright © 2012| Xc0re Security Research Group
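
Added example, not part of the original advisory and not the vendor's code: the vector above places markup in the request path, so this sketch shows a path being echoed into a page unescaped next to the HTML-escaped form, plus a check that flags such paths in web access logs. The page template, the log format and all function names are assumptions, and the sample request and log lines are constructed.

```python
import html
import re
from urllib.parse import unquote

# Assumed template: the advisory does not show the device's HTML, only that
# the vector closes a tag and a <font> element before adding its own markup.
TEMPLATE = '<font size="2">The page {path} was not found.</font>'
MARKUP = re.compile(r'[<>"\']|javascript\s*:', re.IGNORECASE)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed log lines (common log format assumed).
SAMPLE_LOG = [
    '10.0.0.5 - - [02/May/2012:09:00:01 +0000] "GET /index.asp HTTP/1.1" 200 512',
    '10.0.0.9 - - [02/May/2012:09:00:07 +0000] '
    '"GET /%3E%3C/font%3E%3CIFRAME%20SRC=%22JAVASCRIPT:alert(1)%22%3E.asp HTTP/1.1" 404 310',
]


def decode_path(raw: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly so %253C and %3C both end up as '<'."""
    for _ in range(max_rounds):
        decoded = unquote(raw)
        if decoded == raw:
            break
        raw = decoded
    return raw


def render_unsafe(raw_path: str) -> str:
    """Behaviour matching the advisory: the path is echoed as-is."""
    return TEMPLATE.format(path=decode_path(raw_path))


def render_escaped(raw_path: str) -> str:
    """Same page with the path HTML-escaped at output time."""
    return TEMPLATE.format(path=html.escape(decode_path(raw_path), quote=True))


def suspicious_paths(log_lines):
    """Return raw request paths whose decoded form carries HTML markup."""
    hits = []
    for line in log_lines:
        m = REQUEST.search(line)
        if m and MARKUP.search(decode_path(m.group(1))):
            hits.append(m.group(1))
    return hits
```

Escaping at output time is the fix; the log check only helps find devices that are receiving such requests.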