AOH :: HP Unsorted C :: B1A-1074.HTM

Caucho Technology Resin digest.php Cross Site Scripting Vulnerability



Caucho Technology Resin digest.php Cross Site Scripting Vulnerability
Caucho Technology Resin digest.php Cross Site Scripting Vulnerability



This vulnerability do not need to login.digest.php use the REQUEST method in a wrong way to accept parameters,the malicious user could submit xss code on this page and an attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.=0D
=0D
exp:=0D
=0D
http://test.com/resin-admin/digest.php?digest_attempt=1&digest_realm="> 
http://test.com/resin-admin/digest.php?digest_attempt=1&digest_username="> 
=0D
Test on Resin Professional 3.1.5

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.