扫码分享
验证:
体验盒子source: https://www.securityfocus.com/bid/51301/info
Astaro Security Gateway is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would run in the context of the affected website, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user.
Astaro Security Gateway 8.1 is vulnerable; other versions may also be affected.
<div style="left: 300px; top: 220px; z-index: 2000; visibility: visible;" class="iPopUp" id="iPopup_2"><div
class="iPopUpTitle">Please confirm:</div><div class="iPopUpText"><p>​​​​​Are you sure
that you want to delete the X509 certificate
with private key object '>"<INCLUDED PERSISTENT SCRIPTCODE HERE!!!">'?</p></iframe></p></div><table border="0"
cellpadding="0" cellspacing="0"><tbody><tr><td style="padding: 2px;"><div id="btnDefault_iPopup_2" class="button"
style="width:
auto; cursor: pointer; color: black; font-weight: bold;"><div class="button_left"></div><div class="button_center"
style="width:
auto;"><span style="font-weight: normal;">OK</span></div><div
class="button_right"></div></div></td>​​​​​<td style="padding:
2px;"><div class="button" style="width: auto; cursor: pointer; color: black;"><div class="button_left"></div><div
class="button_center" style="width: auto;"><span style="font-weight: normal;">Cancel</span></div><div
class="button_right"></div></div></td></tr></tbody></table></div>
../index.dat
体验盒子
