CacheFlow CacheOS 3.1.x/4.0.x/4.1 Unresolved Domain Cross-Site Scripting Vulnerability

2002-07-24T00:00:00
ID EDB-ID:21649
Type exploitdb
Reporter T.Suzuki
Modified 2002-07-24T00:00:00

Description

CacheFlow CacheOS 3.1.x/4.0.x/4.1 Unresolved Domain Cross Site Scripting Vulnerability. CVE-2002-1060. Remote exploits for multiple platform

                                        
source: http://www.securityfocus.com/bid/5305/info

CacheOS is the firmware designed and distributed with CacheFlow web cache systems. It is maintained and distributed by CacheFlow.

User-supplied data is not sanitized before being included in the error page returned for an unresolved host. An attacker may construct a link to a nonexistent subdomain of a valid site and include malicious JavaScript in it. If the link is followed, the supplied script code will execute within the context of the requested domain.

http://dummy.example.com/<script>EVIL CODE</script>
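The flaw described above, shown as an added example that is not CacheOS code or part of the original advisory: a proxy-style "unresolved host" page that reflects the requested URL verbatim, beside a version that HTML-escapes it. The template, function names and response headers are assumptions made for illustration; the sample input is the placeholder URL from this page.

```python
import html

# Hypothetical error-page template; CacheOS's real template is not on the page.
TEMPLATE = (
    "<html><head><title>Host not found</title></head><body>"
    "<h1>Unable to resolve host</h1>"
    "<p>Requested URL: {url}</p></body></html>"
)

# Assumed defence-in-depth headers: a proxy-generated error page needs no
# script at all, so it can forbid every resource type.
ERROR_PAGE_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "Content-Security-Policy": "default-src 'none'",
    "X-Content-Type-Options": "nosniff",
}

# Placeholder request taken from the advisory text.
SAMPLE = "http://dummy.example.com/<script>EVIL CODE</script>"


def render_unsafe(requested_url: str) -> str:
    """Behaviour the advisory describes: the URL is reflected verbatim."""
    return TEMPLATE.format(url=requested_url)


def render_safe(requested_url: str) -> str:
    """Escape the reflected URL so any markup in it is displayed as text."""
    return TEMPLATE.format(url=html.escape(requested_url, quote=True))


def reflects_markup(page: str, requested_url: str) -> bool:
    """Regression check: is a URL carrying HTML metacharacters present raw?"""
    has_meta = any(c in requested_url for c in "<>\"'")
    return has_meta and requested_url in page


if __name__ == "__main__":
    for name, render in (("unsafe", render_unsafe), ("safe", render_safe)):
        page = render(SAMPLE)
        print(f"{name}: raw markup reflected = {reflects_markup(page, SAMPLE)}")
```

Because the error page is served under the requested hostname, the escaping has to happen in the proxy itself; the origin site never sees the request and cannot filter it.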