XSS in Python Documentation Server

From: euronymous (just-a-user@yandex.ru)
Date: 04/02/03

  • Next message: Peter Pentchev: "Re: Positive Technologies Security Advisory 2003-0307: DoS-attack in Kerio WinRoute Firewall"
    Date:	Wed, 2 Apr 2003 20:07:09 +0400 (MSD)
    From: "euronymous" <just-a-user@yandex.ru>
    To: vuln@security.nnov.ru, bugtraq@securityfocus.com
    
    

    =:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=
    topic: XSS in Python Documentation Server
    product: Python 2.2.2 and 2.3a2 for Win32
    vendor: http://www.python.org
    risk: low
    date: 04/02/2k3
    tested platform: Windows 98 Second Edition
    discovered by: euronymous /F0KP
    advisory urls: http://f0kp.iplus.ru/bz/020.en.txt
                   http://f0kp.iplus.ru/bz/020.ru.txt
    contact email: euronymous@iplus.ru
    =:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=

    description
    -----------

    Python Documentation Server is listen on port 7464.
    You can exploit cross-site scripting bug with error
    page of this server:

    http://hostname:7464/>very_evil_code</script>

    shouts: R00tC0de, DWC, DHG, HUNGOSH, security.nnov.ru,
    all russian security guyz!! to kate especially ))
    f*ck_off: slavomira and other dirty ppl in *.kz $#%&^!
    k0dsweb f*cking team

    ================
    im not a lame,
    not yet a hacker
    ================


  • Next message: Peter Pentchev: "Re: Positive Technologies Security Advisory 2003-0307: DoS-attack in Kerio WinRoute Firewall"