oss-sec mailing list archives
Re: CVE request: XSS on Monkey HTTPD - dirlisting plugin
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 14 Jun 2013 14:01:53 -0600
On 06/14/2013 11:21 AM, Felipe Pena wrote:
> A vulnerability was found in the Monkey HTTP - dirlisting plugin, which does not filter file names before printing on HTML page, hence vulnerable to XSS attack.
>
> PoC
> ----
> $ touch "' onmouseover='alert(1);"
>
> Report
> ------
> http://bugs.monkey-project.com/ticket/185
>
> CREDITS
> -------
> Felipe Pena
>
> --
> Regards,
> Felipe Pena
Please use CVE-2013-2181 for this issue.

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
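
An added example, not part of the original thread and not Monkey's own code: one way a directory-listing generator can encode a file name before writing it into HTML, percent-encoding it for the href and HTML-escaping it for the link text. The function names and the row markup are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* HTML-escape src for element text and quoted attributes; -1 if dst is too small. */
int html_escape(const char *src, char *dst, size_t cap) {
    size_t out = 0;
    if (cap == 0) return -1;
    for (; *src; src++) {
        char c = *src;
        const char *rep = c == '&' ? "&amp;" : c == '<' ? "&lt;" : c == '>' ? "&gt;" :
                          c == '"' ? "&quot;" : c == '\'' ? "&#39;" : NULL;
        size_t n = rep ? strlen(rep) : 1;
        if (out + n + 1 > cap) return -1;   /* never emit a cut-off entity */
        memcpy(dst + out, rep ? rep : src, n);
        out += n;
    }
    dst[out] = '\0';
    return (int)out;
}

/* Percent-encode src as one URL path segment (keeps ':' '?' '#' inert); -1 if too small. */
int url_encode(const char *src, char *dst, size_t cap) {
    size_t out = 0;
    if (cap == 0) return -1;
    for (; *src; src++) {
        unsigned char c = (unsigned char)*src;
        int safe = isalnum(c) || strchr("-._~", c) != NULL;
        if (out + (safe ? 1 : 3) + 1 > cap) return -1;
        if (safe) dst[out++] = (char)c;
        else out += (size_t)sprintf(dst + out, "%%%02X", (unsigned)c);
    }
    dst[out] = '\0';
    return (int)out;
}

/* One listing row; this markup is an assumption, not Monkey's own template. */
int render_row(const char *name, char *dst, size_t cap) {
    char href[1024], text[1024];
    if (url_encode(name, href, sizeof href) < 0) return -1;
    if (html_escape(name, text, sizeof text) < 0) return -1;
    int n = snprintf(dst, cap, "<a href='%s'>%s</a>", href, text);
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}

int main(void) {
    char row[4096];   /* demo input: the file name from the PoC in the report */
    if (render_row("' onmouseover='alert(1);", row, sizeof row) > 0) puts(row);
    return 0;
}
```

Both encoders fail closed: a name that does not fit the buffer produces no row at all rather than a truncated one.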