Exploit Websense Enterprise 4/5 - Blocked Sites Cross-Site Scripting

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
23411
Проверка EDB
  1. Пройдено
Автор
MR. P.TAYLOR
Тип уязвимости
REMOTE
Платформа
WINDOWS
CVE
null
Дата публикации
2003-12-03
Код:
source: https://www.securityfocus.com/bid/9149/info

Websense Enterprise displays error pages for blocked sites without sufficiently sanitizing HTML and script code from the blocked site URI. This could allow for cross-site scripting attacks if a victim user visits a link to a blocked site that includes hostile HTML and script code. Exploitation could permit theft of cookie-based authentication credentials or other consequences. 

http://[BlockedSite]?<SCRIPT>alert('hello')</SCRIPT>
 
Источник
www.exploit-db.com

Похожие темы