Here is what the system claims the actual exploit looks like:

HTTP/1.0 301 Moved Permanently
Location: https://<domain>.com:7443/"><script>alert(document.domain)</script>.html
Content-Type: text/html
Content-Length: 264

<html><head><title>Redirect</title></head><body> Redirect You should go to <script>alert(document.domain)</script>.html">https://<domain>.com:7443/"><script>alert(document.domain)</script>.html (https://<domain>.com:7443/)</p></body></html>

GET /"><script>alert(document.domain)</script>.html HTTP/1.0
Host: <ip>:7080
User-Agent: QualysGuard

On Thu, Nov 17, 2011 at 5:07 PM, Kevin Bowling <[email protected]> wrote:
> Hi,
>
> This is very low risk because any browser that doesn't obey the HTTP
> 301 code is likely ancient and vulnerable.
>
> One place this matters is automated scanning tools. I have a system
> that is being audited for PCI compliance by a tool from qualys which
> is basically a glorified port scanner. It passes in a
> <script></script> nonsense on the URL and sure enough pound repeats
> this in the document fallback if the HTTP 301 redirect is not obeyed.
>
> It is a bad idea, the URL should be scrubbed (hard), or simply
> repeated without an <a href=...> and let the user figure it out?
>
> Regards,
> Kevin
>
> --
> To unsubscribe send an email with subject unsubscribe to [email protected].
> Please contact [email protected] for questions.
>

--
To unsubscribe send an email with subject unsubscribe to [email protected].
Please contact [email protected] for questions.
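The scrubbing Kevin asks for, shown as an added C example that is not Pound's own code: the redirect target is HTML-escaped once and then used both inside the href attribute and as the link text, so a probe URL carrying quotes and angle brackets is rendered inert in the fallback page. The function names and the sample probe URL are my own; the escape covers all five HTML metacharacters, which is more than the `<script>` case the thread discusses.

```c
/* Added example (not Pound's code): HTML-escape the redirect URL before
 * echoing it into the 301 fallback body, in attribute and text context. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Escape & < > " ' into entities. Returns the escaped length (without
 * the NUL) or -1 if the result does not fit in `out`. */
static long html_escape(const char *in, char *out, size_t outlen) {
    size_t used = 0;
    for (; *in; in++) {
        char one[2] = { *in, '\0' };
        const char *rep;
        switch (*in) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        default:   rep = one;      break;
        }
        size_t n = strlen(rep);
        if (used + n + 1 > outlen) return -1;   /* reserve room for NUL */
        memcpy(out + used, rep, n);
        used += n;
    }
    out[used] = '\0';
    return (long)used;
}

/* Build the fallback page for a 301 to `url`. The escaped URL is safe in
 * a double-quoted attribute and as element text. Returns length or -1. */
static long build_redirect_body(const char *url, char *body, size_t bodylen) {
    char esc[1024];
    if (html_escape(url, esc, sizeof esc) < 0) return -1;
    int n = snprintf(body, bodylen,
        "<html><head><title>Redirect</title></head><body>"
        "<p>Redirect. You should go to <a href=\"%s\">%s</a></p>"
        "</body></html>", esc, esc);
    if (n < 0 || (size_t)n >= bodylen) return -1;
    return n;
}

int main(void) {
    /* Constructed probe modelled on the scanner request in the thread. */
    const char *probe = "https://example.com:7443/\"><script>alert(1)</script>.html";
    char body[2048];
    if (build_redirect_body(probe, body, sizeof body) > 0) puts(body);
    return 0;
}
```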
