Re: SiteMinder Agent: Cross Site Scripting
Would you explain in detail how this is a successful exploit?
I ran https://www.example.com/siteminderagent/forms/smpwservices.fcc?SMAUTHREASON=1)alert(document.cookie);}function+drop(){if(0 against the current 6.0.5.11 SiteMinder Web Agent.
This attempt is stopped with the following two errors in the Web Agent log.
1. Error. No redirect target found in namespace.
2. unable to process FCC parameters. Returning SmNoAction.
SiteMinder only causes a redirect to smpwservices.fcc on certain conditions, it's not accessed directly, and it would not generate a URL with a query string that only includes SMAUTHREASON=<value>.
Or are you attempting to replace SMAUTHREASON=<value> with SMAUTHREASON=1)alert(document.cookie);}function+drop(){if(0 in the query string during the normal process with something like burp proxy?
I tested that as well, and the inserted code was ignored and didn't persist to the next step during the process.
討論串 (同標題文章)
完整討論串 (本文為第 2 之 4 篇):