7 lines
No EOL
546 B
Text
7 lines
No EOL
546 B
Text
source: http://www.securityfocus.com/bid/5211/info
|
|
|
|
Lil' HTTP server is a web server application for Windows environments and is maintained by Summit Computer Networks.
|
|
|
|
It is possible for attackers to construct a URL to the 'pbcgi.cgi' script which includes scripting code to execute in a user's browser. As a result, when an innocent user follows such a link, the script code will execute within the context of the hosted site.
|
|
|
|
http://localhost:81/pbcgi.cgi?name=Matthew%20Murphy&email=%3CSCRIPT%3Ealert%28%27xss%27%29%3B%3C%2FSCRIPT%3E |