[40307] in bugtraq


404 error XSS

daemon@ATHENA.MIT.EDU (Josh Zlatin-Amishav)
Thu Sep 15 14:36:21 2005

Date: Wed, 14 Sep 2005 23:40:07 +0300 (IDT)
From: Josh Zlatin-Amishav <josh@tkos.co.il>
To: bugtraq@securityfocus.com
Message-ID: <Pine.LNX.4.61.0509142333530.2184@tamar.homelinux.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed

The following web servers do not properly sanitize their output when
returning a 404 resource not found error which could be used in a XSS
attack:
Orion 1.3.8 
Orion 1.4.5 
CompaqHTTPServer 2.1

PoC: http://localhost/<script>alert('XSS')</script>

--
  - Josh
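
Added example, not part of the original post and not code from any of the servers it names: a Python sketch of a 404 page builder that reflects the requested path verbatim, beside one that HTML-escapes it before output. The function names, page markup and response headers are assumptions chosen for illustration; the sample path is the PoC string from the message.

```python
import html
from urllib.parse import unquote

# Sample request path: the PoC string quoted in the post above.
POC_PATH = "/<script>alert('XSS')</script>"

PAGE = "<html><body><h1>404 Not Found</h1><p>{path} was not found.</p></body></html>"


def not_found_vulnerable(raw_path):
    """Build a 404 body that echoes the decoded path unescaped (the reported flaw)."""
    path = unquote(raw_path)  # servers decode %XX sequences before reporting the path
    return PAGE.format(path=path).encode("utf-8")


def not_found_hardened(raw_path):
    """Build a 404 response whose reflected path is HTML-escaped.

    Returns (headers, body). The extra headers are defence in depth: an explicit
    charset, no MIME sniffing, and a CSP that blocks script on the error page.
    """
    path = unquote(raw_path)
    safe = html.escape(path, quote=True)  # < > & " ' become character entities
    headers = {
        "Content-Type": "text/html; charset=utf-8",
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'",
    }
    return headers, PAGE.format(path=safe).encode("utf-8")


def reflects_markup(body, probe=b"<script>"):
    """Regression check: does the response body contain the probe as live markup?"""
    return probe in body.lower()


if __name__ == "__main__":
    print("vulnerable reflects markup:", reflects_markup(not_found_vulnerable(POC_PATH)))
    hdrs, body = not_found_hardened(POC_PATH)
    print("hardened reflects markup:  ", reflects_markup(body))
    print(body.decode("utf-8"))
```

The same `reflects_markup` check can be pointed at a real server's 404 response in a regression test after the error template has been fixed.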
