Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Netsweeper 4.0.9 - Cross-Site Scripting

By kannthu

High
Vidoc logoVidoc Module
#edb#xss#packetstorm#netsweeper
Description

What is "Netsweeper 4.0.9 - Cross-Site Scripting?"

The "Netsweeper 4.0.9 - Cross-Site Scripting" module is designed to detect a cross-site scripting vulnerability in Netsweeper 4.0.9. Netsweeper is a software used for web content filtering and security. This vulnerability allows an attacker to execute arbitrary scripts in the browser of an unsuspecting user. The severity of this vulnerability is classified as high, with a CVSS score of 7.2.

This module was authored by daffainfo.

Impact

If successfully exploited, this cross-site scripting vulnerability in Netsweeper 4.0.9 can lead to various security risks. An attacker can inject malicious scripts into web pages viewed by users, potentially compromising their sensitive information, performing unauthorized actions, or spreading malware.

How the module works?

The "Netsweeper 4.0.9 - Cross-Site Scripting" module works by sending a specific HTTP request to the target server and then analyzing the response. The module checks for the presence of certain patterns in the response body, headers, and the HTTP status code to determine if the vulnerability exists.

Here is an example of an HTTP request used by the module:

GET /webadmin/reporter/view_server_log.php?server=localhost&act=stats&filename=&offset=1&count=1000&sortorder=&log=%3C%2Fscript%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E&offset=&sortitem=&filter= HTTP/1.1

The module then applies the following matching conditions:

- The response body must contain the string "</script><script>alert(document.domain)</script>" - The response headers must include the string "text/html" - The HTTP status code must be 200

If all the matching conditions are met, the module reports the presence of the cross-site scripting vulnerability in Netsweeper 4.0.9.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/webadmin/reporter/v...
Matching conditions
word: </script><script>alert(document.domain)<...and
word: text/htmland
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability