https://www.exploit-db.com/exploits/23257
https://cxsecurity.com/issue/WLB-2007100127
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200312-124

BajieJavaHTTPServer0.95到0.95zxv4版本存在跨站脚本（XSS）漏洞。远程攻击者借助（1）test.txt的字符串查询，（2）custMsg程序的guestName参数，或者（3）CookieExample程序的cookiename参数注入任意web脚本或者HTML。

source: http://www.securityfocus.com/bid/8841/info

Demonstration scripts and servlets that are distributed as part of Bajie HTTP Server have been reported prone to multiple cross-site scripting vulnerabilities.

It has been reported that a remote attacker may construct a malicious link containing script and HTML code to any one of the vulnerable demonstration scripts or servlets on the affected server. If this link is followed the code contained therein will be rendered in the browser of the user who followed the link.

http://www.example.com/cgi/bin/test.txt?<script>alert(document.cookie)</script>
POST /servlet/custMsg?guestName=<script>alert("bang")</script> HTTP/1.0
POST /servlet/CookieExample?cookiename=<script>alert("bang")</script>&cookievalue=&cookiepath=
HTTP/1.0

来源:BID
名称:8841
链接:http://www.securityfocus.com/bid/8841
来源:BUGTRAQ
名称:20031016CSSVulnerabilityinBajieHTTPJServer
链接:http://www.securityfocus.com/archive/1/341452
来源:SREASON
名称:3306
链接:http://securityreason.com/securityalert/3306
来源:SECUNIA
名称:10023
链接:http://secunia.com/advisories/10023
来源:www.geocities.com
链接:http://www.geocities.com/gzhangx/websrv/docs/security.html