[26808] in bugtraq
OmniHTTPd test.php Cross-Site Scripting Issue
daemon@ATHENA.MIT.EDU (Matthew Murphy)
Mon Aug 26 10:50:37 2002
Message-ID: <003a01c24c4e$e1d52ec0$e62d1c41@kc.rr.com>
From: "Matthew Murphy" <mattmurphy@kc.rr.com>
To: "BugTraq" <bugtraq@securityfocus.com>,
"Full Disclosure" <full-disclosure@lists.netsys.com>,
"SecurITeam News" <news@securiteam.com>,
"Vuln-Dev" <vuln-dev@securityfocus.com>,
"VulnWatch" <vulnwatch@vulnwatch.org>,
"VulnDiscuss" <vulndiscuss@vulnwatch.org>
Date: Sun, 25 Aug 2002 10:48:39 -0500
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
A vulnerability exists in the test.php script of OmniHTTPd. The script
makes a classic coding error -- trusting unsanitized user input. The query
string and cookie values are returned unfiltered. Of most concern, of
course, is the query string:
http://localhost/test.php?%3CSCRIPT%3Ealert%28document.URL%29%3C%2FSCRIPT%3E
=x
The impact of this vulnerability will vary by site. A production site would
most likely *not* have the sample scripts installed, but it would be wise to
check.
"The reason the mainstream is thought
of as a stream is because it is
so shallow."
- Author Unknown
