XSS in Null HTTPd
From: Matthew Murphy (mattmurphyat_private)
Date: Mon Sep 02 2002 - 09:57:11 PDT
Null HTTPd is a simple HTTP server that runs on Win32/Unix systems. It is
quite basic, but offers good CGI support. A vulnerability in Null HTTPd may
allow cross-site scripting via a 404 page:
http://localhost/a?x=
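
As an added illustration (not code from Null HTTPd or from this advisory), the sketch below shows the usual mitigation for this class of bug, assuming the 404 page echoes the requested URI into its HTML body. The names `html_escape` and `render_404` are hypothetical, and the sample request is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Escape the five HTML-significant characters of src into dst.
 * Returns the escaped length, or -1 if dst (dstsz bytes) is too small. */
static int html_escape(const char *src, char *dst, size_t dstsz)
{
    size_t o = 0;
    if (dstsz == 0) return -1;
    for (; *src; src++) {
        const char *rep;
        char one[2] = { *src, '\0' };
        switch (*src) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        default:   rep = one;      break;
        }
        size_t n = strlen(rep);
        if (o + n >= dstsz) return -1;   /* never truncate mid-entity */
        memcpy(dst + o, rep, n);
        o += n;
    }
    dst[o] = '\0';
    return (int)o;
}

/* Hypothetical 404 renderer: the requested URI is echoed only after escaping.
 * Returns the body length, or -1 if the URI or the page did not fit. */
static int render_404(const char *uri, char *out, size_t outsz)
{
    char safe[1024];
    if (html_escape(uri, safe, sizeof safe) < 0) return -1;
    int n = snprintf(out, outsz,
        "<html><body><h1>404 Not Found</h1>"
        "<p>The requested URL %s was not found.</p></body></html>", safe);
    return (n < 0 || (size_t)n >= outsz) ? -1 : n;
}

int main(void)
{
    char page[2048];
    /* Constructed sample request; harmless markup stands in for injected HTML. */
    if (render_404("/a?x=<b>\"t\"</b>&y='1'", page, sizeof page) > 0)
        puts(page);
    return 0;
}
```

When `render_404` returns -1, the server should send a fixed error page that does not include the URI at all.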