[VulnWatch] OmniHTTPd test.shtml Cross-Site Scripting Issue

From: Matthew Murphy (mattmurphyat_private)
Date: Sun Aug 25 2002 - 08:54:09 PDT

    OmniHTTPd's Test.shtml sample is also vulnerable to a similar issue:
    
    http://localhost/test.shtml?%3CSCRIPT%3Ealert(document.URL)%3C%2FSCRIPT%3E=x
    
    Will pop up an alert containing the above URL.  Of course, this has other
    uses (cookie theft, faking sources, etc.)
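
Added example, not part of the original post and not OmniHTTPd code: the request above carries its markup in the parameter name rather than the value, so output encoding has to cover both. `render_unescaped` is a hypothetical stand-in that assumes the sample page copies the decoded query string into its HTML; `render_escaped` is the corrected form, and `names_with_markup` is a hypothetical helper for flagging such requests in logs.

```python
import html
from urllib.parse import urlsplit, parse_qsl

# The request URL quoted in the post above.
REPORTED_URL = ("http://localhost/test.shtml"
                "?%3CSCRIPT%3Ealert(document.URL)%3C%2FSCRIPT%3E=x")


def query_pairs(url):
    """Decode the query string into (name, value) pairs, as a server would."""
    return parse_qsl(urlsplit(url).query, keep_blank_values=True)


def render_unescaped(url):
    """Assumed behaviour of the flaw: decoded input copied straight into HTML."""
    rows = "".join(f"<tr><td>{n}</td><td>{v}</td></tr>"
                   for n, v in query_pairs(url))
    return f"<table>{rows}</table>"


def render_escaped(url):
    """Corrected form: HTML-escape parameter names and values before output."""
    rows = "".join(
        f"<tr><td>{html.escape(n, quote=True)}</td>"
        f"<td>{html.escape(v, quote=True)}</td></tr>"
        for n, v in query_pairs(url)
    )
    return f"<table>{rows}</table>"


def names_with_markup(url):
    """Return decoded parameter names containing HTML metacharacters."""
    return [n for n, _ in query_pairs(url) if any(c in n for c in "<>\"'&")]


if __name__ == "__main__":
    print(render_unescaped(REPORTED_URL))   # markup survives intact
    print(render_escaped(REPORTED_URL))     # markup rendered as inert text
    print(names_with_markup(REPORTED_URL))  # the name is what gets flagged
```

A filter that inspects only parameter values would pass this request, since the value is just `x`.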
    


