Last time we talked about XSS bugs in Junos Space 21.x. This time we'll talk a bit about a few XSS bugs I found in Juniper 12.x. Here we go...
Today we'll start here:
The story is pretty simple and very similar to the one already described for Junos Space (here):
An authorized user is able to inject additional HTML/JS code into the application.
TL;DR:
One of the examples I was able to identify - for created reports:
Another example is presented below - configuring SNMP:
In the meantime I was checking log files too. One of the "traces" I found:
Let's finish this post with the "Class of Service" ;) Like below:
Hope you like it. ;)
For more details feel free to visit the links presented below:
- https://capec.mitre.org/data/definitions/591.html
- https://capec.mitre.org/data/definitions/592.html
- https://advisory.juniper.net/
See you soon!
Cheers,