IBM Edge Components Caching Proxy Cross Site Scripting

2012-06-30T00:00:00
ID PACKETSTORM:114369
Type packetstorm
Reporter BugsNotHugs
Modified 2012-06-30T00:00:00

Description

                                        
                                            `  
  
Rapid7 probably found this vulnerability on October 23 2002  
http://seclists.org/fulldisclosure/2002/Oct/330 and its called CVE-   
2002-1167  
  
They don't show the output and specify it is error message but the   
injection method is the same. The update is it works on IBM Edge   
Components Caching Proxy - International English Edition 6.0.2  
  
Reproduce by request nonexistant host and seeing it reflected in error   
message -  
  
GET http://server/"<script>alert('NOHUGS')</script> HTTP/1.0  
`