Written By Michael Brooks Special thanks to str0ke! Affects: Profense Web Application Firewall XSRF and XSS Version: 2.6.2 download http://www.armorlogic.com/download_software.html "Defenses against all OWASP Top Ten vulnerabilities" Too bad it doesn't defend its self against all of these vulnerabilities.... Chaning configuration: DNS, SMTP, NTP servers. Set a (malcious) remote FTP server or SCP server to backup (steal) configuration files. This could be used to steal the configuraitons. Set a remote syslog server to steal the logs Enable SSH Enable SNMP Apply new configurations: Add a proxy: Turn off the Proface machine: Force the Proface server to ping: Could be used to nofiy the attacker that the attack succeeded. reflective xss: https://10.1.1.199:2000/proxy.html?action=manage&main=log&show=deny_log&proxy=>"