BugTraq
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
 
Caucho Technology Resin digest.php Cross Site Scripting Vulnerability May 18 2010 11:18PM
xuanmumu gmail com
This vulnerability do not need to login.digest.php use the REQUEST method in a wrong way to accept parameters,the malicious user could submit xss code on this page and an attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

exp:

http://tes...

[ more ]  
 

Privacy Statement
Copyright 2010, SecurityFocus