Bugtraq mailing list archives
vqServer Demo Files Cross-Site Scripting
From: "Matthew Murphy" <mattmurphy () kc rr com>
Date: Sun, 21 Apr 2002 10:16:54 -0500
vqServer is a Windows web server written in Java. It is an innovative product, with support internally for Servlets, and external support for many kinds of CGI (EXE, Perl, ...).

However, some of the examples shipped in a default configuration of vqServer contain multiple cross-site scripting vulnerabilities. In one case, it is possible to create a cookie-based(?) attack that persists forever for a specific IP address. This could be used to attack the target via "Cookie Scripting" bugs in many known browsers.

Example: (Requires Perl Interpreter)

http://localhost/cgi/vq/demos/respond.pl?<SCRIPT>alert("I%20should%20not%20be%20able%20to%20do%20this!!!")</SCRIPT>
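
The mitigation for this class of bug, as an added example that is not part of the original post and is not vqServer's code: a hypothetical stand-in for a demo CGI that echoes its query string (the source of respond.pl is not shown in the advisory), with the unescaped output beside the HTML-encoded form. The function names and page markup are assumptions.

```perl
#!/usr/bin/perl
# Added example: hypothetical stand-in for a demo CGI that echoes its query
# string. The real respond.pl source is not shown in the advisory.
use strict;
use warnings;

# Decode %XX escapes and '+' as they arrive in QUERY_STRING.
sub url_decode {
    my ($s) = @_;
    $s =~ tr/+/ /;
    $s =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
    return $s;
}

# Encode the five characters that are significant in HTML text and attributes.
sub html_escape {
    my ($s) = @_;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$ent{$1}/g;
    return $s;
}

# Vulnerable pattern: request data written into the page unchanged.
sub respond_unsafe {
    my ($query) = @_;
    return "<html><body>You sent: " . url_decode($query) . "</body></html>";
}

# Hardened pattern: decode first, then encode for the HTML context on output.
sub respond_safe {
    my ($query) = @_;
    return "<html><body>You sent: " . html_escape(url_decode($query)) . "</body></html>";
}

# Under a CGI server QUERY_STRING is set; otherwise use the advisory's sample.
my $query = defined $ENV{QUERY_STRING} ? $ENV{QUERY_STRING}
          : '<SCRIPT>alert("I%20should%20not%20be%20able%20to%20do%20this!!!")</SCRIPT>';

if (defined $ENV{GATEWAY_INTERFACE}) {
    print "Content-Type: text/html; charset=ISO-8859-1\r\n\r\n";
    print respond_safe($query);
} else {
    print "unsafe: ", respond_unsafe($query), "\n";
    print "safe:   ", respond_safe($query), "\n";
}
```

Run from a shell, it prints both renderings of the advisory's query string; in the safe one the tag arrives as `&lt;SCRIPT&gt;` and is displayed as text rather than parsed as markup.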