3 matches found
tomcat4131-xss.txt
Apache Tomcat/4.1.31 ships with built-in examples. One of the examples, calendar.jsp, suffers from an input validation error and could be exploited for cross-site scripting and cross-site request forgery. XSS http://myserver:myport/examples/jsp/cal/cal2.jsp?time=8am%3cscript%3ealert"XSS!"%3c%2fscript%3e...
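Oracle Portal Calendar.JSP HTTP Response Splitting Vulnerability
Oracle Portal is generally used together with Oracle Web Cache, which caches the most frequently used URLs. Oracle Portal has a response splitting issue that remote attackers can exploit to alter the server's cached content. Through a malicious page, a malicious user can alter the cached content captured by the server, which can be used to forge data such as cookies, usernames and passwords. Oracle Portal 10g http://www.oracle.com/index.html http://target/webapp/jsp/calendar.jsp?enc=iso-8859-1%0d%0aContent-leng...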
Oracle Portal 10g HTTP Response Splitting
Oracle Portal/Applications HTTP Response Splitting -------------------------------------------------- Sample: http://target/webapp/jsp/calendar.jsp?enc=iso-8859-10d0aContent-length=120d0a0d0a3Cscript3Ealert'hi'3C/script3E How an attack can be conducted? ------------------------------- Oracle Port...