OmniHTTPd's Test.shtml sample is also vulnerable to a similar issue:

http://localhost/test.shtml?%3CSCRIPT%3Ealert(document.URL)%3C%2FSCRIPT%3E=x

Will pop up an alert containing the above URL. Of course, this has other uses (cookie theft, faking sources, etc.)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
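
In the URL reported above the markup sits in the query parameter name, not its value, so a page that escapes only values still reflects it. The following is an added example, not part of the original post and not OmniHTTPd code; it assumes the sample page echoes each query name and value into its HTML, and all function names are hypothetical.

```javascript
// Added example. Assumption: the page lists every query parameter as
// "name = value" inside its HTML output.

// Escape the characters that are significant in HTML text and attributes.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Percent-decode one component; malformed escapes are kept as raw text.
function decode(s) {
  try { return decodeURIComponent(s.replace(/\+/g, " ")); }
  catch { return s; }
}

// Split the query string into decoded [name, value] pairs.
function parseQuery(url) {
  const q = url.includes("?") ? url.slice(url.indexOf("?") + 1) : "";
  return q.split("&").filter(Boolean).map((pair) => {
    const i = pair.indexOf("=");
    const name = i < 0 ? pair : pair.slice(0, i);
    const value = i < 0 ? "" : pair.slice(i + 1);
    return [decode(name), decode(value)];
  });
}

// Incomplete fix: only the value is escaped, the name is echoed as-is.
function renderValueOnly(url) {
  return parseQuery(url)
    .map(([n, v]) => `<li>${n} = ${escapeHtml(v)}</li>`).join("\n");
}

// Corrected: every request-derived string is escaped before output.
function renderEscaped(url) {
  return parseQuery(url)
    .map(([n, v]) => `<li>${escapeHtml(n)} = ${escapeHtml(v)}</li>`).join("\n");
}

// The URL from the post.
const reported =
  "http://localhost/test.shtml?%3CSCRIPT%3Ealert(document.URL)%3C%2FSCRIPT%3E=x";

console.log(renderValueOnly(reported)); // markup survives in the name
console.log(renderEscaped(reported));   // markup rendered as inert text
```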
This archive was generated by hypermail 2b30 : Sun Aug 25 2002 - 11:12:41 PDT