404 error XSS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: 404 error XSS
From: Josh Zlatin-Amishav <josh@xxxxxxxxxx>
Date: Wed, 14 Sep 2005 23:40:07 +0300 (IDT)

The following web servers do not properly sanitize their output when
returning a 404 resource not found error which could be used in a XSS
attack:

Orion 1.3.8Orion 1.4.5CompaqHTTPServer 2.1


PoC: http://localhost/<script>alert('XSS')</script>

--
 - Josh

Prev by Date: Re: [Full-disclosure] Mozilla / Mozilla Firefox authentication weakness
Next by Date: CastleCops ramps up fight against CoolWebSearch/HomeSearch
Previous by thread: Re: [Full-disclosure] Mozilla / Mozilla Firefox authentication weakness
Next by thread: CastleCops ramps up fight against CoolWebSearch/HomeSearch
Index(es):
- Date
- Thread

[Index of Archives] [Linux Security] [Netfilter] [PHP] [Yosemite News] [Linux Kernel]

Powered by Linux