IBM Edge Components Caching Proxy Cross Site Scripting

Posted on 03 July 2012

Rapid7 probably found this vulnerability on October 23 2002 http://seclists.org/fulldisclosure/2002/Oct/330 and its called CVE- 2002-1167 They don't show the output and specify it is error message but the injection method is the same. The update is it works on IBM Edge Components Caching Proxy - International English Edition 6.0.2 Reproduce by request nonexistant host and seeing it reflected in error message - GET http://server/"<script>alert('NOHUGS')</script> HTTP/1.0

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Exploits :

Relate Cross Site Scripting
Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass
Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Insecure Direct Object Reference
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Authentication Bypass
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Insecure Direct Object Reference

Last 20