IBM Edge Components Caching Proxy XSS Followup

From: BugsNotHugs <bugsnothugs@gmail.com>
To: full-disclosure@lists.grok.org.uk,bugtraq@securityfocus.com,vuln@secunia.com
Cc:
Subject: IBM Edge Components Caching Proxy XSS Followup
Date:




Rapid7 probably found this vulnerability on October 23 2002
http://seclists.org/fulldisclosure/2002/Oct/330 and its called CVE- 
2002-1167

They don't show the output and specify it is error message but the 
injection method is the same. The update is it works on IBM Edge 
Components Caching Proxy - International English Edition 6.0.2

Reproduce by request nonexistant host and seeing it reflected in error 
message -

GET http://server/"<script>alert('NOHUGS')</script> HTTP/1.0





Copyright © 1995-2018 LinuxRocket.net. All rights reserved.