'[Full-disclosure] IBM Edge Components Caching Proxy XSS Followup'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    [Full-disclosure] IBM Edge Components Caching Proxy XSS Followup
From:       BugsNotHugs <bugsnothugs () gmail ! com>
Date:       2012-06-30 20:48:31
Message-ID: 4FEF661F.6080605 () gmail ! com
[Download RAW message or body]

Rapid7 probably found this vulnerability on October 23 2002
http://seclists.org/fulldisclosure/2002/Oct/330 and its called CVE- 
2002-1167

They don't show the output and specify it is error message but the 
injection method is the same. The update is it works on IBM Edge 
Components Caching Proxy - International English Edition 6.0.2

Reproduce by request nonexistant host and seeing it reflected in error 
message -

GET http://server/"<script>alert('NOHUGS')</script> HTTP/1.0

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic