<<< Date Index >>> <<< Thread Index >>>

404 error XSS

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: 404 error XSS
From: Josh Zlatin-Amishav <josh@xxxxxxxxxx>
Date: Wed, 14 Sep 2005 23:40:07 +0300 (IDT)
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

The following web servers do not properly sanitize their output when
returning a 404 resource not found error which could be used in a XSS
attack:

Orion 1.3.8Orion 1.4.5CompaqHTTPServer 2.1


PoC: http://localhost/<script>alert('XSS')</script>

--
 - Josh

Prev by Date: Re: [Full-disclosure] Mozilla / Mozilla Firefox authentication weakness
Next by Date: CastleCops ramps up fight against CoolWebSearch/HomeSearch
Previous by thread: Re: [Full-disclosure] Mozilla / Mozilla Firefox authentication weakness
Next by thread: CastleCops ramps up fight against CoolWebSearch/HomeSearch
Index(es):
- Date
- Thread