Odd XSS finding

I was hoping someone could shed some light on this odd XSS
vulnerability I uncovered while doing a pentest for a client. The
site is a customer portal and when the below XSS is executed nothing
happens. Basically gives a session error back, nothing interesting
there. But when you kill -9 or End Process on FireFox then reopen
with "Restore Session" the site comes back up to the XSS but dumps
logged in users information.

I cannot replicate this in other browsers nor with Paros, webscarab, SPIKE etc.

https://host/portal/j_acegi_security_check?j_username=%27%3Cscript%3Ealert%28%27xss%27%29%3C%2Fscript%3E&j_password=d&login=Login

-Chris

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

Relevant Pages

  • Re: [Full-disclosure] on xss and its technical merit
    ... detailed technical knowledge of all things xss. ... other's attacks since then. ... "Saying XSS isn't a vulnerability is like like saying a binary that ... (javascript is ONE scripting language and therefore NOT a requirement)). ...
    (Full-Disclosure)
  • Re: [Full-disclosure] on xss and its technical merit
    ... "Saying XSS isn't a vulnerability is like like saying a binary that has a ... "XSS needs javascript, binary needs its own malcode as well." ... (javascript is ONE scripting language and therefore NOT a requirement)). ...
    (Full-Disclosure)
  • [Full-disclosure] dt_guestbook version 1.0f XSS vulnerability
    ... fully-featured message board system with admin interface. ... flaws it is possible for the remote attacker to conduct XSS attacks. ... This vulnerability can be exploited only when PHP register_globals is ... Vulnerability Impact: Attack ...
    (Full-Disclosure)
  • [VulnWatch] Re: New Web Vulnerability - Cross-Site Tracing
    ... then it could pose a significant threat. ... >and the involvement of three parties in XSS (attacker, victim, ... As specific issues in widely-deployed pieces of software become less common, attacks against application components will become more common. ... >But that should only affect how XSS is prioritized as a vulnerability ...
    (VulnWatch)
  • [Full-Disclosure] Re: New Web Vulnerability - Cross-Site Tracing
    ... then it could pose a significant threat. ... >and the involvement of three parties in XSS (attacker, victim, ... As specific issues in widely-deployed pieces of software become less common, attacks against application components will become more common. ... >But that should only affect how XSS is prioritized as a vulnerability ...
    (Full-Disclosure)