Bugtraq mailing list archives

Re: SiteMinder Agent: Cross Site Scripting

From: securityfocus () netdevice com
Date: 8 Nov 2007 15:08:57 -0000

Would you explain in detail how this is a successful exploit?

I ran 
https://www.example.com/siteminderagent/forms/smpwservices.fcc?SMAUTHREASON=1)alert(document.cookie);}function+drop(){if(0
 against the current 6.0.5.11 SiteMinder Web Agent. 

This attempt is stopped with the following two errors in the Web Agent log.
1. Error.  No redirect target found in namespace.
2. unable to process FCC parameters. Returning SmNoAction.

SiteMinder only causes a redirect to smpwservices.fcc on certain conditions, it's not accessed directly, and it would 
not generate a URL with a query string that only includes SMAUTHREASON=<value>.

Or are you attempting to replace SMAUTHREASON=<value> with SMAUTHREASON=1)alert(document.cookie);}function+drop(){if(0 
in the query string during the normal process with something like burp proxy?

I tested that as well, and the inserted code was ignored and didn't persist to the next step during the process.

Current thread:

SiteMinder Agent: Cross Site Scripting Giuseppe Gottardi (Nov 07)
- <Possible follow-ups>
- Re: SiteMinder Agent: Cross Site Scripting securityfocus (Nov 08)
- Re: Re: SiteMinder Agent: Cross Site Scripting overet (Nov 09)
- Re: SiteMinder Agent: Cross Site Scripting Williams, James K (Nov 09)