[<prev] [next>] [day] [month] [year] [list]
Message-ID: <4FEF661F.6080605@gmail.com>
Date: Sat, 30 Jun 2012 14:48:31 -0600
From: BugsNotHugs <bugsnothugs@...il.com>
To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com,
vuln@...unia.com
Subject: IBM Edge Components Caching Proxy XSS Followup
Rapid7 probably found this vulnerability on October 23 2002
http://seclists.org/fulldisclosure/2002/Oct/330 and its called CVE-
2002-1167
They don't show the output and specify it is error message but the
injection method is the same. The update is it works on IBM Edge
Components Caching Proxy - International English Edition 6.0.2
Reproduce by request nonexistant host and seeing it reflected in error
message -
GET http://server/"<script>alert('NOHUGS')</script> HTTP/1.0
Powered by blists - more mailing lists