Re: [FD] weblogin software cross site request
: Dork: intitle:weblogin intext:"This page will redirect you to:" A single site runs this 'WebLogin'. : Product:WebLogin What is the vendor URL? Or there is none, because this is a site-specific issue for lanl.gov. Worse, it has pretty aggressive filtering and will not render script tags, HTML tags, and requires the http:// element it seems. So this is a site specific issue, with no real value or merit, and doesn't apply to anyone else in the world? : Rootktit Pentester. Really? ___ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
[FD] weblogin software cross site request
Hi, People i discover a cross site request in this Dork: intitle:weblogin intext:"This page will redirect you to:" This cross site request is exploit like this example: http://target/Login:%20Weblogin%20%20This%20page%20will%20redirect%20you%20to<%20 inject any word you want to screen in the webpage>. Or another Poc is for example: http:target?referer=. I advice fix this bug because is very easy deface this webpages whith Product:WebLogin Best Regard. Rootktit Pentester. ___ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
