Re: SiteMinder Agent: Cross Site Scripting
Would you explain in detail how this is a successful exploit?
I ran
https://www.example.com/siteminderagent/forms/smpwservices.fcc?SMAUTHREASON=1)alert(document.cookie);}function+drop(){if(0
against the current 6.0.5.11 SiteMinder Web Agent.
This attempt is stopped with the following two errors in the Web Agent log.
1. Error. No redirect target found in namespace.
2. unable to process FCC parameters. Returning SmNoAction.
SiteMinder only causes a redirect to smpwservices.fcc on certain conditions,
it's not accessed directly, and it would not generate a URL with a query string
that only includes SMAUTHREASON=<value>.
Or are you attempting to replace SMAUTHREASON=<value> with
SMAUTHREASON=1)alert(document.cookie);}function+drop(){if(0 in the query string
during the normal process with something like burp proxy?
I tested that as well, and the inserted code was ignored and didn't persist to
the next step during the process.