AppDynamic 4.3.2.1 Build 57 Cross Site Scripting

Posted on 22 September 2016

================================================================================
XSS in AppDynamic 4.2.3.1 build No. 57

Affected module     : policy creation module
Affected parameter  : policy name
Tested              : live SaaS server
AppDynamic product  : application performance monitoring tool, used to monitor application performance through an agent installed on the remote server; it gives output according to the rules and policies created in the GUI tool (custom policies can be created).
Payload             : <script>alert(document.cookie)</script>
Security Researcher : Govind Singh aka NullPort
================================================================================

1. Log in and click on Alert & Respond, select Policies, and choose the application for which you want to create policies. Click on Create Policy Manually.
2. In Create Policy, give the policy a name (here mine is "policy") and click the Next button.
3. Now click on Create Action "+" under Actions to Execute and press OK.
4. In the Name field of Create Diagnostic Session Action, enter the XSS payload and click the OK button.
5. The policy is now created with the XSS payload; press the Save button.
6. When you press the Save button, the payload executes and you can observe the XSS popup with the value.
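The steps above describe a stored name being written back into the page as markup. The following is an added example, not AppDynamics code and not part of the original advisory: it contrasts that pattern with output encoding and an input allowlist, using the advisory's payload as constructed test input. The function names, the row markup and the name policy (letters, digits, space, `_`, `.`, `-`, up to 100 characters) are assumptions.

```javascript
"use strict";
// Hypothetical rendering helpers for a policy/action name field.

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the five characters that can break out of HTML text or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the stored name is concatenated into markup unchanged,
// so any tags it contains are parsed by the browser when the list is shown.
function renderActionRowUnsafe(action) {
  return `<tr><td class="action-name">${action.name}</td></tr>`;
}

// Hardened pattern: encode on output, in both attribute and text context,
// every time the stored name is rendered.
function renderActionRowSafe(action) {
  const name = escapeHtml(action.name);
  return `<tr><td class="action-name" title="${name}">${name}</td></tr>`;
}

// Input-side check (assumed policy): allowlist of characters plus a length bound.
// This complements output encoding; it does not replace it.
function validateName(name) {
  return typeof name === "string" && /^[\p{L}\p{N} _.-]{1,100}$/u.test(name);
}

// Constructed sample: the Name value entered in step 4 of the advisory.
const storedAction = { name: "<script>alert(document.cookie)</script>" };

function demo() {
  return {
    unsafe: renderActionRowUnsafe(storedAction),
    safe: renderActionRowSafe(storedAction),
    accepted: validateName(storedAction.name),
  };
}

console.log(demo());
```

Because the payload reads `document.cookie`, marking the session cookie `HttpOnly` limits what a script injected this way can read, independently of the encoding fix.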

 
