BugTraq
IBM Edge Components Caching Proxy XSS Followup Jun 30 2012 08:48PM
BugsNotHugs (bugsnothugs gmail com)


Rapid7 probably found this vulnerability on October 23 2002
http://seclists.org/fulldisclosure/2002/Oct/330 and its called CVE-
2002-1167

They don't show the output and specify it is error message but the
injection method is the same. The update is it works on IBM Edge
Components Caching Proxy - International English Edition 6.0.2

Reproduce by request nonexistant host and seeing it reflected in error
message -

GET http://server/"<script>alert('NOHUGS')</script> HTTP/1.0

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus