Vulnerability Development mailing list archives

RE: thttpd : Cross Site Scripting.

From: Ory Segal <ORY.SEGAL () SANCTUMINC COM>
Date: Tue, 5 Mar 2002 02:48:06 -0800

NOTE: For some reason the < and > symbols were translated to
HTML entities, this only works of course with the actual < > symbols.

-----Original Message-----
From: frog frog [mailto:leseulfrog () hotmail com]
Sent: Saturday, March 02, 2002 1:01 PM
To: vuln-dev () securityfocus com
Subject: thttpd : Cross Site Scripting.

http://THTTPDHOST/&lt;script&gt;[ANYSCRIPT]&lt;/script&gt;

Version :  thttpd/2.20b 10oct00 and maybe others...
http://www.acme.com/software/thttpd/

If anyone know another version who's vulnerable, 
mail me please...

Sorry for my bad english.
frog-m@n

Current thread:

thttpd : Cross Site Scripting. frog frog (Mar 05)
- <Possible follow-ups>
- RE: thttpd : Cross Site Scripting. Ory Segal (Mar 05)