agXchange ESM – ‘ucschcancelproc.jsp’ Open Redirection

• Exploit Database
• 42 阅读

• 作者： Lament
  日期： 2010-03-22
• 类别：

  • webapps
  平台：

  • jsp
• 来源：https://www.exploit-db.com/exploits/33779/

• source: https://www.securityfocus.com/bid/38879/info
  
  agXchange ESM is prone to an open-redirection vulnerability because the application fails to properly sanitize user-supplied input.
  
  A successful exploit may aid in phishing attacks; other attacks are possible. 
  
  http://www.example.com/[agx_application]/pages/ucschcancelproc.jsp?returnpage=http://www.RedirectExample.com