Siteminder notes

From Rory.wiki


Older versions of SiteMinder have a reflected XSS in login.fcc. The target parameter specifies the page in the app that the user is sent to after authentication, and its value isn't validated.

From the CVE databases it looks like there may also be arbitrary redirection in there.
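
A defender-side check for both issues noted above, added here as an example and not part of the original notes: it scans web access logs for login.fcc requests whose target value carries markup characters or points off-site. The allowed host, the log format, the `/login.fcc` path and the sample lines are assumptions constructed for illustration.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

ALLOWED_HOSTS = {"app.example.com"}  # assumption: hosts a post-login redirect may use
MARKUP_CHARS = set("<>\"'`")         # characters that matter if the value is reflected into HTML

def check_target(value):
    """Return the reasons a target value is unsafe; an empty list means it passed."""
    decoded = value
    for _ in range(3):               # undo nested percent-encoding, bounded
        step = unquote(decoded)
        if step == decoded:
            break
        decoded = step
    reasons = ["markup characters"] if MARKUP_CHARS & set(decoded) else []
    try:
        # browsers treat "\" like "/", so normalise before parsing
        parts = urlsplit(decoded.strip().replace("\\", "/"))
    except ValueError:
        return reasons + ["unparseable URL"]
    if parts.scheme.lower() not in ("", "http", "https"):
        reasons.append("non-http scheme")
    if parts.hostname and parts.hostname not in ALLOWED_HOSTS:
        reasons.append("off-site host")
    return reasons

def scan_log(lines):
    """Return (line_number, reasons) for each flagged login.fcc request."""
    findings = []
    for number, line in enumerate(lines, 1):
        try:
            # the request line is the first quoted field: METHOD URL PROTOCOL
            parts = urlsplit(line.split('"')[1].split()[1])
        except (IndexError, ValueError):
            continue
        if not parts.path.lower().endswith("/login.fcc"):
            continue
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if name.lower() == "target" and (reasons := check_target(value)):
                findings.append((number, reasons))
    return findings

# Constructed sample lines in common log format, not taken from a real system
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /login.fcc?target=%2Fapp%2Fhome HTTP/1.1" 200 512',
    '10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 1024',
    '10.0.0.6 - - [01/Jan/2024:10:00:02 +0000] "GET /login.fcc?target=https%3A%2F%2Fother.example.net%2F HTTP/1.1" 200 512',
    '10.0.0.7 - - [01/Jan/2024:10:00:03 +0000] "GET /login.fcc?target=%2Fapp%2Fhome%253Cscript%253E HTTP/1.1" 200 512',
    '10.0.0.8 - - [01/Jan/2024:10:00:04 +0000] "GET /login.fcc?target=%2F%2Fother.example.net%2Fx HTTP/1.1" 200 512',
]
```

The same `check_target` function can sit in a reverse proxy or filter in front of the login page to reject requests before they reach the agent.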
