Exploit ACME Labs thttpd 2.20 - Cross-Site Scripting

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
21422
Проверка EDB
  1. Пройдено
Автор
FROG
Тип уязвимости
REMOTE
Платформа
LINUX
CVE
cve-2002-0733
Дата публикации
2002-04-25
Код:
source: https://www.securityfocus.com/bid/4601/info

thttpd is a web server product maintained by ACME Labs. thttpd has been compiled for Linux, BSD and Solaris, as well as other Unix like operating systems.

Cross Site Scripting issues has been reported in some versions of thttpd. thttpd fails to check URLs for the presence of script commands when generating error pages, allowing the attacker-supplied code to execute within the context of the hosted site.

It should be noted that this issue was tested on 2.20b, other versions may also be affected by this issue. 

http://www.host.com/<script>[SCRIPT]</script>
 
Источник
www.exploit-db.com

Похожие темы