TUCoPS :: HP Unsorted T :: bx3294.htm

TML injection on F5 FirePass 4100 SSL VPN 'my.logon.php3' server-side script XSS
PR07-15: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN 'my.logon.php3' server-side script
PR07-15: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN 'my.logon.php3' server-side script



Update:

To exploit this in both firefox and IE requires an extra char ("=") in the end.


Using the same PoC URL we get:

https://target.tld/my.logon.php3?">

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986- AOH