Exploit Database - Logo

RSA WebID 5.3 - 'IISWebAgentIF.dll' Cross-Site Scripting

EDB-ID: 31411 Author: quentin.berdugo Published: 2008-03-17
CVE: CVE-2008-1470 Type: Webapps Platform: CGI
Aliases: N/A Advisory/Source: Link Tags: N/A
E-DB Verified: Verified Exploit: Download Exploit Code Download / View Raw Vulnerable App: N/A
« Previous Exploit Next Exploit » 
source: http://www.securityfocus.com/bid/28277/info

RSA WebID is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

RSA WebID 5.3 is vulnerable; other versions may also be affected. 

https://www.example.com/WebID/IISWebAgentIF.dll?stage=useridandpasscode&referrer=Z2F&sessionid=0&authntype=2&username=a&passcode=a&postdata=aaa"%20><SCRIPT>alert(document.cookie)</script><!--
« Previous Exploit Next Exploit »

Related Exploits

Trying to match CVEs (1): CVE-2008-1470
Trying to match OSVDBs (1): 43844
Other Possible E-DB Search Terms: RSA WebID 5.3,  RSA WebID
Date D V Title Author
2010-02-11 Verified RSA - SecurID Cross-Site Scriptings4squatch
Menu