7 lines
No EOL
431 B
Text
7 lines
No EOL
431 B
Text
source: http://www.securityfocus.com/bid/5603/info
|
|
|
|
NullLogic Null HTTPd is a small multithreaded webserver for Linux and Windows.
|
|
|
|
It is possible for attackers to construct a URL that will cause scripting code to be embedded in error pages. As a result, when an innocent user follows such a link, the script code will execute within the context of the hosted site.
|
|
|
|
http://localhost/a?x=<SCRIPT>alert(document.URL)</SCRIPT> |