OmniHTTPd 1.1/2.0.x/2.4 – Sample Application URL Encoded Newline HTML Injection

Vulnerability ID 1053612 Vulnerability type
Published 2002-08-26 Updated 2002-08-26
CVE ID N/A
CNNVD-ID N/A
Platform Windows CVSS score N/A
|Vulnerability source
https://www.exploit-db.com/exploits/21757
|Vulnerability details
Vulnerability details have not yet been disclosed
|Vulnerability EXP
source: http://www.securityfocus.com/bid/5572/info

OmniHTTPD is a webserver for Microsoft Windows operating systems. OmniHTTPD supports a number of CGI extensions which provide dynamic content.

An HTML injection vulnerability has been reported in the '/cgi-bin/redir.exe' sample CGI included with OmniHTTPD. Reportedly, an attacker can URL encode the newline character (%0D) and insert malicious HTML code. A vulnerable server receiving such a malformed request will return a 302 redirect HTTP response containing the attacker-supplied code.

http://localhost/cgi-bin/redir.exe?URL=http%3A%2F%2Fwww%2Eyahoo%2Ecom%2F%0D%0A%0D%0A%3CSCRIPT%3Ealert%28document%2EURL%29%3C%2FSCRIPT%3E
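
The behaviour described above next to a hardened redirect handler, as an added example; it is not OmniHTTPd's code, whose source is not shown on this page. The function names, status lines and the http/https allow-list are assumptions made for illustration, and the query string is the one from the request above.

```python
from urllib.parse import parse_qs, urlsplit

# Query string taken from the request shown on this page.
SAMPLE_QUERY = ("URL=http%3A%2F%2Fwww%2Eyahoo%2Ecom%2F%0D%0A%0D%0A"
                "%3CSCRIPT%3Ealert%28document%2EURL%29%3C%2FSCRIPT%3E")
BENIGN_QUERY = "URL=http%3A%2F%2Fwww%2Eyahoo%2Ecom%2F"  # constructed sample
BAD_REQUEST = b"HTTP/1.0 400 Bad Request\r\n\r\n"


def _target(query_string):
    # parse_qs percent-decodes, so %0D%0A becomes a literal CR LF.
    return parse_qs(query_string).get("URL", [""])[0]


def naive_redirect(query_string):
    """Hypothetical model of the flaw: decoded value copied into the header."""
    return ("HTTP/1.0 302 Found\r\nLocation: %s\r\n\r\n"
            % _target(query_string)).encode("utf-8")


def safe_redirect(query_string):
    """Hypothetical hardened form: validate the value after decoding."""
    target = _target(query_string)
    # Only visible ASCII passes: rejects CR, LF, other controls and spaces.
    if not target or not all(0x21 <= ord(c) <= 0x7E for c in target):
        return BAD_REQUEST
    parts = urlsplit(target)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return BAD_REQUEST
    return ("HTTP/1.0 302 Found\r\nLocation: %s\r\n\r\n"
            % target).encode("ascii")


def split_response(raw):
    """Split raw bytes the way an HTTP client does: header lines, then body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    return head.split(b"\r\n"), body


if __name__ == "__main__":
    for handler in (naive_redirect, safe_redirect):
        headers, body = split_response(handler(SAMPLE_QUERY))
        print(handler.__name__, headers, body)
```

The check runs on the decoded value, because the CR LF only exists after percent-decoding; filtering the raw query string for literal newlines would miss it.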
