404 error XSSSep 14 2005 08:40PM Josh Zlatin-Amishav (josh tkos co il)
The following web servers do not properly sanitize their output when
returning a 404 resource not found error which could be used in a XSS
attack:
Orion 1.3.8
Orion 1.4.5
CompaqHTTPServer 2.1
returning a 404 resource not found error which could be used in a XSS
attack:
Orion 1.3.8
Orion 1.4.5
CompaqHTTPServer 2.1
PoC: http://localhost/<script>alert('XSS')</script>
--
- Josh
[ reply ]