[Full-Disclosure] XSS in Null HTTPd
From: Matthew Murphy (mattmurphy@kc.rr.com)
Date: 09/02/02
- Next message: KF: "[Full-Disclosure] Happy Labor Day from Snosoft"
- Previous message: little-brother@hushmail.com: "[Full-Disclosure] Things we should all be aware of."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: mattmurphy@kc.rr.com (Matthew Murphy) Date: Mon, 2 Sep 2002 11:54:25 -0500
Null HTTPd is a simple HTTP server that runs on Win32/Unix systems. It is
quite basic, but offers good CGI support. A vulnerability in Null HTTPd may
allow cross-site scripting via a 404 page:
http://localhost/a?x= You have to place this in the query string so that it doesn't get the
"The reason the mainstream is thought
typical "%xx..." urlencode treatment from the browser. If the code is
encoded in any way, it prevents the vulnerability from working.
of as a stream is because it is
so shallow."
- Author Unknown
Relevant Pages
... Null HTTPd is a simple HTTP server that runs on Win32/Unix systems. ... but offers good CGI support. ... A vulnerability in Null HTTPd may ...
(Bugtraq)
... AN HTTPd is a relatively small, powerful web server designed for Windows ... Vulnerability Description ... Attackers can overwrite any file that the CGI user can access (this userid ...
(Bugtraq)
... AN HTTPd is a relatively small, powerful web server designed for Windows ... Vulnerability Description ... Attackers can overwrite any file that the CGI user can access (this userid ...
(VulnWatch)
... AN HTTPd is a relatively small, powerful web server designed for Windows ... Vulnerability Description ... Attackers can overwrite any file that the CGI user can access (this userid ...
(Full-Disclosure)
... AN HTTPd is a relatively small, powerful web server designed for Windows ... Vulnerability Description ... Attackers can overwrite any file that the CGI user can access (this userid ...
(Full-Disclosure)
