IBM Websphere Edge Server 3.69/4.0 HTTP Header Injection Vulnerability

2002-10-23T00:00:00
ID EDB-ID:21948
Type exploitdb
Reporter Rapid7
Modified 2002-10-23T00:00:00

Description

IBM Websphere Edge Server 3.69/4.0 HTTP Header Injection Vulnerability. CVE-2002-1168 . Remote exploit for unix platform

                                        
                                            source: http://www.securityfocus.com/bid/6001/info

A vulnerability has been discovered in the Caching Proxy component bundled with the IBM Websphere Edge Server.

Due to insufficient sanitization of user-supplied input it is possible for an attacker to construct a malicious link which contains arbitrary HTML and script code, which will be executed in the header of the website visited by the victim.

Attacks of this nature may make it possible for attackers to steal cookie-based authentication credentials. 

GET /%0a%0dLocation:%20http://www.evil.com/"><img%20src="javascript:alert
(document.domain)">HTTP/1.0