Home page logo
  • Nmap Security Scanner
  • Security Lists
  • Security Tools
  • Site News
  • Advertising
  • About/Contact
  • Sponsors:



/

fulldisclosure logo Full Disclosure mailing list archives

IBM Edge Components Caching Proxy XSS Followup
From: BugsNotHugs <bugsnothugs () gmail com>
Date: Sat, 30 Jun 2012 14:48:31 -0600


Rapid7 probably found this vulnerability on October 23 2002
http://seclists.org/fulldisclosure/2002/Oct/330 and its called CVE- 
2002-1167

They don't show the output and specify it is error message but the 
injection method is the same. The update is it works on IBM Edge 
Components Caching Proxy - International English Edition 6.0.2

Reproduce by request nonexistant host and seeing it reflected in error 
message -

GET http://server/";<script>alert('NOHUGS')</script> HTTP/1.0

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • IBM Edge Components Caching Proxy XSS Followup BugsNotHugs (Jun 30)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]