Bugtraq mailing list archives
Re: Blue Coat xss
From: Hugo van der Kooij <hvdkooij () vanderkooij org>
Date: Tue, 23 Sep 2008 07:26:38 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 jplopezy () gmail com wrote:
There is a security issue in the blue coat. The problem lies in the "Web Filter", which lets you execute an XSS. This only affects the Internet Explorer browser. " as a result, could jump the antivirus scan or make spoofing. POC http://www.example.com/file.exe?<script>(1)</script>
I am afraid you need to clarify yourself a bit further. What policy are you using? What resource(s) besides a ProxySG are you using? (You mention Webfilter and antivirus.) What versions of SGOS did you test? In short. Write a report that is clear and not too ambigious to be taken seriously Hugo. - -- hvdkooij () vanderkooij org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFI2H4KBvzDRVjxmYERAmOgAKCyqXv/3s0bFBEFTKvhQ6QFi0hCZwCeLiBD 6FKJxRIGrMITOJZcl+LyeUk= =GR9o -----END PGP SIGNATURE-----
Current thread:
- Blue Coat xss jplopezy (Sep 22)
- Re: Blue Coat xss Hugo van der Kooij (Sep 23)