Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Blue Coat xss

From: Hugo van der Kooij <hvdkooij () vanderkooij org>
Date: Tue, 23 Sep 2008 07:26:38 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

jplopezy () gmail com wrote:

There is a security issue in the blue coat.
The problem lies in the "Web Filter", which lets you execute an XSS.
This only affects the Internet Explorer browser. "

as a result, could jump the antivirus scan or make spoofing.

POC

http://www.example.com/file.exe?<script>(1)</script>


I am afraid you need to clarify yourself a bit further. What policy are
you using? What resource(s) besides a ProxySG are you using? (You
mention Webfilter and antivirus.) What versions of SGOS did you test?

In short. Write a report that is clear and not too ambigious to be taken
seriously

Hugo.

- --
hvdkooij () vanderkooij org               http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

        A: Yes.
        >Q: Are you sure?
        >>A: Because it reverses the logical flow of conversation.
        >>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFI2H4KBvzDRVjxmYERAmOgAKCyqXv/3s0bFBEFTKvhQ6QFi0hCZwCeLiBD
6FKJxRIGrMITOJZcl+LyeUk=
=GR9o
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: