Web Vuln Notes

From Rory.wiki


Here's a list of vulns I've come across, so I don't need to go looking for them again.


IBM WebSphere Portal Server

There's a cross-site scripting issue in the Web Content Management login page for WebSphere Portal Server. First off, the URL is server:port/wps/wcm/webinterface/login/login.asp

The vector's pretty straightforward, but only seems to work on IE. Burp Scanner should find it ok if you point it at the page.

login.jsp?Lorem=ipsum9a5c0"><script>alert("xss")</script>b8ba52ef710<"
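
A regression check for this finding, added here as an example and not part of the original notes: it renders the reflected parameter with and without attribute encoding, then parses the result to see whether the value stayed inside its attribute. It assumes the page echoes the parameter into a double-quoted attribute of a hidden input; the function names are illustrative.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import parse_qsl

# Request from the note above, used as the regression input.
REQUEST = 'login.jsp?Lorem=ipsum9a5c0"><script>alert("xss")</script>b8ba52ef710<"'

def query_params(url):
    """Split the query string into (name, value) pairs."""
    return parse_qsl(url.partition("?")[2], keep_blank_values=True)

def render_raw(name, value):
    # Assumed sink: the parameter is echoed unencoded into a quoted attribute.
    return f'<input type="hidden" name="{name}" value="{value}">'

def render_encoded(name, value):
    # Attribute-context encoding: ", <, > and & become character references.
    return (f'<input type="hidden" name="{escape(name, quote=True)}" '
            f'value="{escape(value, quote=True)}">')

class TagAudit(HTMLParser):
    """Record every start tag and every value= attribute the parser sees."""
    def __init__(self):
        super().__init__()
        self.tags, self.values = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.values += [v for k, v in attrs if k == "value"]

def audit(markup):
    parser = TagAudit()
    parser.feed(markup)
    parser.close()
    return parser.tags, parser.values

def is_contained(markup, value):
    """True when the reflected value stayed inside the one <input> attribute."""
    tags, values = audit(markup)
    return tags == ["input"] and values == [value]

if __name__ == "__main__":
    for name, value in query_params(REQUEST):
        print("raw    :", is_contained(render_raw(name, value), value))
        print("encoded:", is_contained(render_encoded(name, value), value))
```

The same containment check can be pointed at the real response body after a fix is deployed, replacing the two render functions with the fetched markup.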