Proof of Concept:
=================
1.1
The exception handling and filter bypass vulnerability can be exploited by remote attackers and by local low-privileged user accounts. For demonstration or to reproduce ...

Module: IPAddressMask - ext-mb-text, ext-gen4185 & ext-gen7196
INJECT: https://127.0.0.1:1338/admin/FEAdmin.html#SysInterfaceCollection

Error:IPAddressMask( 2 ) , IPAddressMask.cpp:14, "Invalid mask:" >

AFFECTED: https://127.0.0.1:1338/admin/FEAdmin.html#SysInterfaceCollection

Module: Whitelist & Blacklist - Address
URL: https://209.87.230.132:1443/admin/FEAdmin.html#PersonalBlackWhiteList

Invalid address: "><[PERSISTENT INJECTED SCRIPT CODE!];)" <="" -="" "=""><[PERSISTENT INJECTED SCRIPT CODE!]") <

AFFECTED: https://209.87.230.132:1443/admin/FEAdmin.html#SystemBlackWhiteList

Module: Bounce Verification - Username
URL: https://209.87.230.132:1443/admin/FEAdmin.html#AsBounceverifyKeyCollection

Invalid user name: "">

1.2
The persistent vulnerability can be exploited by remote attackers with a privileged application account and low required user interaction. For demonstration or to reproduce ...

Module: Upload or Import - Local Certificate - Certificate name
URL: https://209.87.230.132:1443/admin/FEAdmin.html#SysCertificateDetailCollection
[PERSISTENT INJECTED SCRIPT CODE AS CERTIFICATE NAME!]
/[PERSISTENT INJECTED SCRIPT CODE AS CERTIFICATE VIA INFORMATION!]
OK
0
[PERSISTENT INJECTED SCRIPT CODE AS CERTIFICATE NAME!]
[PERSISTENT INJECTED SCRIPT CODE AS CERTIFICATE VIA INFORMATION!]
Default
1
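
Mitigation sketch for the error paths listed in 1.1, as an added example that is not part of the original advisory and not the vendor's code: the rejected value is HTML-encoded before it is echoed into an "Invalid mask:" style message, shown beside the raw echo the advisory describes. The function names, the "a.b.c.d/len" mask format, the 64-character display limit and the sample input are assumptions made for illustration.

```javascript
// Added example: hypothetical helper names, not the product's code.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#39;', '`': '&#96;',
};

// Encode a value for an HTML text or quoted-attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Strict allow-list parse of "a.b.c.d/len" (assumed format); null on anything else.
function parseIpMask(input) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\/(\d{1,2})$/.exec(String(input));
  if (!m) return null;
  const octets = m.slice(1, 5).map(Number);
  const prefix = Number(m[5]);
  if (octets.some((o) => o > 255) || prefix > 32) return null;
  return { address: octets.join('.'), prefix };
}

// Weak pattern: the exception text echoes the raw input into the page.
function invalidMaskErrorUnsafe(input) {
  return 'Invalid mask: ' + input;
}

// Corrected pattern: truncate for display, then encode before echoing.
function invalidMaskErrorSafe(input) {
  const shown = String(input).slice(0, 64);
  return 'Invalid mask: ' + escapeHtml(shown);
}

// Validate first; a rejected value is never stored and only echoed encoded.
function handleMaskField(input) {
  const parsed = parseIpMask(input);
  if (parsed) return { ok: true, value: parsed };
  return { ok: false, message: invalidMaskErrorSafe(input) };
}

// Constructed sample input: a valid-looking mask followed by harmless markup.
const SAMPLE_BAD = '192.168.1.1/24"><b id=x>marker</b>';

console.log(invalidMaskErrorUnsafe(SAMPLE_BAD)); // markup reaches the page intact
console.log(handleMaskField(SAMPLE_BAD).message); // markup is rendered as text
```

The same encoding step applies wherever stored values such as the certificate name in 1.2 are written back into a listing.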