[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

404 error XSS

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: 404 error XSS
From: Josh Zlatin-Amishav <josh@xxxxxxxxxx>
Date: Wed, 14 Sep 2005 23:40:07 +0300 (IDT)

The following web servers do not properly sanitize their output when returning a 404 resource not found error which could be used in a XSS attack: Orion 1.3.8 Orion 1.4.5 CompaqHTTPServer 2.1

PoC: http://localhost/<script>alert('XSS')</script>

--
 - Josh

Prev by Date: Re: [Full-disclosure] Mozilla / Mozilla Firefox authentication weakness
Next by Date: CastleCops ramps up fight against CoolWebSearch/HomeSearch
Previous by thread: Re: [Full-disclosure] Mozilla / Mozilla Firefox authentication weakness
Next by thread: CastleCops ramps up fight against CoolWebSearch/HomeSearch
Index(es):
- Date
- Thread