<<< Date Index >>>     <<< Thread Index >>>

Re: Blue Coat xss



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

jplopezy@xxxxxxxxx wrote:
> There is a security issue in the blue coat.
> The problem lies in the "Web Filter", which lets you execute an XSS.
> This only affects the Internet Explorer browser. "
> 
> as a result, could jump the antivirus scan or make spoofing.
> 
> POC
> 
> http://www.example.com/file.exe?<script>(1)</script>

I am afraid you need to clarify yourself a bit further. What policy are
you using? What resource(s) besides a ProxySG are you using? (You
mention Webfilter and antivirus.) What versions of SGOS did you test?

In short. Write a report that is clear and not too ambigious to be taken
seriously

Hugo.

- --
hvdkooij@xxxxxxxxxxxxxxx               http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

        A: Yes.
        >Q: Are you sure?
        >>A: Because it reverses the logical flow of conversation.
        >>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFI2H4KBvzDRVjxmYERAmOgAKCyqXv/3s0bFBEFTKvhQ6QFi0hCZwCeLiBD
6FKJxRIGrMITOJZcl+LyeUk=
=GR9o
-----END PGP SIGNATURE-----