OmniHTTPD Sample Application URL Encoded Newline HTML Injection Vulnerability

There is no exploit code required. The following proof of concept was provided by "Matthew Murphy" <mattmurphy@kc.rr.com>:

http://localhost/cgi-bin/redir.exe?URL=http%3A%2F%2Fwww%2Eyahoo%2Ecom%2F%0D%0A%0D%0A%3CSCRIPT%3Ealert%28document%2EURL%29%3C%2FSCRIPT%3E
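The following is an added example, not code from the advisory or from OmniHTTPD. It assumes the sample redirector copies the percent-decoded URL parameter into a Location header. The function names and the 302 response shape are hypothetical. It shows that naive pattern beside a check that rejects control characters after decoding.

```python
from urllib.parse import parse_qs, urlsplit

# Query string taken from the proof of concept above.
POC_QUERY = ("URL=http%3A%2F%2Fwww%2Eyahoo%2Ecom%2F%0D%0A%0D%0A"
             "%3CSCRIPT%3Ealert%28document%2EURL%29%3C%2FSCRIPT%3E")

ALLOWED_SCHEMES = {"http", "https"}


class UnsafeRedirect(ValueError):
    """Raised when the redirect target must not be written into a header."""


def naive_response(query_string):
    # Assumed behaviour of the vulnerable pattern: decode, then concatenate.
    # A decoded CR LF CR LF ends the header block, so whatever follows is
    # delivered to the browser as the response body.
    target = parse_qs(query_string)["URL"][0]
    return "HTTP/1.0 302 Found\r\nLocation: " + target + "\r\n\r\n"


def location_header(query_string):
    """Return a safe Location header line or raise UnsafeRedirect."""
    # parse_qs percent-decodes, so %0D%0A arrives here as real CR and LF.
    values = parse_qs(query_string, keep_blank_values=True).get("URL", [])
    if len(values) != 1:
        raise UnsafeRedirect("exactly one URL parameter is required")
    target = values[0]
    # Validate after decoding: any control character could terminate the header.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in target):
        raise UnsafeRedirect("control character in redirect target")
    parts = urlsplit(target)
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
        raise UnsafeRedirect("absolute http(s) URL is required")
    return "Location: " + target + "\r\n"


if __name__ == "__main__":
    print(repr(naive_response(POC_QUERY)))
    try:
        location_header(POC_QUERY)
    except UnsafeRedirect as exc:
        print("rejected:", exc)
```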

Copyright 2010, SecurityFocus