RSA Authentication Agent for Web 5.3 - URI Redirection Vulnerability

2008-04-23T00:00:00
ID EDB-ID:31699
Type exploitdb
Reporter Richard Brain
Modified 2008-04-23T00:00:00

Description

RSA Authentication Agent for Web 5.3 URI Redirection Vulnerability. Remote exploit for windows platform

                                        
                                            source: http://www.securityfocus.com/bid/28907/info

RSA Authentication Agent for Web is prone to a remote URI-redirection vulnerability because the application fails to adequately sanitize user-supplied input.

A successful attack may aid in phishing-style attacks.

This issue affects RSA Authentication Agent for Web for Internet Information Services 5.3.0.258. Other versions may also be affected.

https://www.example.com/WebID/IISWebAgentIF.dll?Redirect?url=ftp://www.example2.com/index.htm