Exploit Imatix Xitami 2.5 - GSL Template Cross-Site Scripting

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
21554
Проверка EDB
  1. Пройдено
Автор
MATTHEW MURPHY
Тип уязвимости
REMOTE
Платформа
WINDOWS
CVE
cve-2002-1965
Дата публикации
2002-06-14
Код:
source: https://www.securityfocus.com/bid/5025/info

Imatix Xitami is a webserver for Microsoft Windows operating systems.

It is possible for attackers to construct a URL that will cause scripting code to be embedded in error pages.

Xitami fails to check URLs for the presence of script commands when generating error pages returned from sample scripts that use Errors.gsl, allowing attacker supplied code to execute. As a result, when an innocent user follows such a link, the script code will execute within the context of the hosted site. 

http://www.<IMG%20SRC=""%20ONERROR="alert(document.cookie)">.target.com/error404
 
Источник
www.exploit-db.com

Похожие темы