=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::= topic: XSS in Python Documentation Server product: Python 2.2.2 and 2.3a2 for Win32 vendor: http://www.python.org risk: low date: 04/02/2k3 tested platform: Windows 98 Second Edition discovered by: euronymous /F0KP advisory urls: http://f0kp.iplus.ru/bz/020.en.txt http://f0kp.iplus.ru/bz/020.ru.txt contact email: euronymous@iplus.ru =:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::= description ----------- Python Documentation Server is listen on port 7464. You can exploit cross-site scripting bug with error page of this server: http://hostname:7464/<script>very_evil_code</script> shouts: R00tC0de, DWC, DHG, HUNGOSH, security.nnov.ru, all russian security guyz!! to kate especially )) f*ck_off: slavomira and other dirty ppl in *.kz $#%&^! k0dsweb f*cking team ================ im not a lame, not yet a hacker ================
