[VulnWatch] OmniHTTPd test.php Cross-Site Scripting Issue

From: Matthew Murphy (mattmurphy@kc.rr.com)
Date: 08/25/02 

From: "Matthew Murphy" <mattmurphy@kc.rr.com>
To: "BugTraq" <bugtraq@securityfocus.com>, "Full Disclosure" <full-disclosure@lists.netsys.com>, "SecurITeam News" <news@securiteam.com>, "Vuln-Dev" <vuln-dev@securityfocus.com>, "VulnWatch" <vulnwatch@vulnwatch.org>, "VulnDiscuss" <vulndiscuss@vulnwatch.org>
Date: Sun, 25 Aug 2002 10:48:39 -0500

A vulnerability exists in the test.php script of OmniHTTPd. The script
makes a classic coding error -- trusting unsanitized user input. The query
string and cookie values are returned unfiltered. Of most concern, of
course, is the query string:

http://localhost/test.php?%3CSCRIPT%3Ealert%28document.URL%29%3C%2FSCRIPT%3E
=x

The impact of this vulnerability will vary by site. A production site would
most likely *not* have the sample scripts installed, but it would be wise to
check.

"The reason the mainstream is thought
of as a stream is because it is
so shallow."
                     - Author Unknown

Relevant Pages

  • [Full-Disclosure] Yahoo! Messenger 5.6 - Multiple Remote Crashes(yinsthelper.dll)
    ... Application: Yahoo! ... Another vulnerability appears in the "DesktopIcon" property of the object. ... object.DesktopIcon = DesktopIcon As String ...
    (Full-Disclosure)
  • Re: rename files in directory
    ... When I run your script I get an error: " Microsoft VBScript runtime error: ... contain a " - " string. ... as part of the query. ... if the target folder has files with names in a format other ...
    (microsoft.public.scripting.vbscript)
  • Re: rename files in directory
    ... When I run your script I get an error: " Microsoft VBScript runtime error: ... contain a " - " string. ... as part of the query. ...
    (microsoft.public.scripting.vbscript)
  • [UNIX] Multiple Vulnerabilities in Psychoblogger CMS Package
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... There is a Cross-Site-Scripting vulnerability in the script ... Another SQL-Injection vulnerability exists in the comments.php script, ... This string manipulates the SQL query into looking something like this: ...
    (Securiteam)
  • Re: What am I missing?
    ... I did not include the entire script because I did not think I needed to. ... Are we supposed to guess the string ... > query string... ... > Jack Handy wrote: ...
    (microsoft.public.win32.programmer.wmi)