<<< Date Index >>>     <<< Thread Index >>>

Re: SiteMinder Agent: Cross Site Scripting



Would you explain in detail how this is a successful exploit?

I ran 
https://www.example.com/siteminderagent/forms/smpwservices.fcc?SMAUTHREASON=1)alert(document.cookie);}function+drop(){if(0
 against the current 6.0.5.11 SiteMinder Web Agent. 

This attempt is stopped with the following two errors in the Web Agent log.
1. Error.  No redirect target found in namespace.
2. unable to process FCC parameters. Returning SmNoAction.

SiteMinder only causes a redirect to smpwservices.fcc on certain conditions, 
it's not accessed directly, and it would not generate a URL with a query string 
that only includes SMAUTHREASON=<value>.

Or are you attempting to replace SMAUTHREASON=<value> with 
SMAUTHREASON=1)alert(document.cookie);}function+drop(){if(0 in the query string 
during the normal process with something like burp proxy?

I tested that as well, and the inserted code was ignored and didn't persist to 
the next step during the process.