Full Disclosure mailing list archives
IBM Edge Components Caching Proxy XSS Followup
From: BugsNotHugs <bugsnothugs () gmail com>
Date: Sat, 30 Jun 2012 14:48:31 -0600
Rapid7 probably found this vulnerability on October 23 2002 http://seclists.org/fulldisclosure/2002/Oct/330 and its called CVE- 2002-1167 They don't show the output and specify it is error message but the injection method is the same. The update is it works on IBM Edge Components Caching Proxy - International English Edition 6.0.2 Reproduce by request nonexistant host and seeing it reflected in error message - GET http://server/"<script>alert('NOHUGS')</script> HTTP/1.0 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- IBM Edge Components Caching Proxy XSS Followup BugsNotHugs (Jun 30)