XSS vulnerability in default (debian etch installation)?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: users@xxxxxxxxxxxxxxxx
Subject: XSS vulnerability in default (debian etch installation)?
From: matti matti <geonode7@xxxxxxxxx>
Date: Thu, 19 Mar 2009 21:47:10 +0100
Reply-to: users@xxxxxxxxxxxxxxxx

Hi,

If I do in firefox try: http://hostname/%3CScRipT%20%3Ealert(%27test%27)%3B%3C%2FScRipT%20%3E

I get a popup with the text "test", and a:

Not Found

The requested URL / was not found on this server.

I havent got many modules loaded, and added only virtualhosts. This does not work in apache 2.0.x of CentOS 4.6.
Instead of taking this to debian mailinglist, Im asking here because Im very curoius why this works, isnt this a XSS flaw of magnitude, or am I missing something?

Thanks in advance,

Follow-Ups:
- Re: XSS vulnerability in default (debian etch installation)?
  - From: Krist van Besien

Prev by Date: Reducing js file sizes...
Next by Date: Re: Reducing js file sizes...
Previous by thread: Reducing js file sizes...
Next by thread: Re: XSS vulnerability in default (debian etch installation)?
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]