[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

IBM Edge Components Caching Proxy XSS Followup

To: full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx, vuln@xxxxxxxxxxx
Subject: IBM Edge Components Caching Proxy XSS Followup
From: BugsNotHugs <bugsnothugs@xxxxxxxxx>
Date: Sat, 30 Jun 2012 14:48:31 -0600



Rapid7 probably found this vulnerability on October 23 2002

http://seclists.org/fulldisclosure/2002/Oct/330 and its called CVE-2002-1167

They don't show the output and specify it is error message but theinjection method is the same. The update is it works on IBM EdgeComponents Caching Proxy - International English Edition 6.0.2

Reproduce by request nonexistant host and seeing it reflected in errormessage -


GET http://server/";<script>alert('NOHUGS')</script> HTTP/1.0

Prev by Date: Basilic RCE bug
Next by Date: Sun iPlanet Error Page Link Injection
Previous by thread: Re: Basilic RCE bug
Next by thread: Sun iPlanet Error Page Link Injection
Index(es):
- Date
- Thread