ACME Labs thttpd 2.20 - Cross-Site Scripting Vulnerability

2002-04-25T00:00:00
ID EDB-ID:21422
Type exploitdb
Reporter frog
Modified 2002-04-25T00:00:00

Description

ACME Labs thttpd 2.20 Cross-Site Scripting Vulnerability. CVE-2002-0733. Remote exploit for linux platform

                                        
                                            source: http://www.securityfocus.com/bid/4601/info

thttpd is a web server product maintained by ACME Labs. thttpd has been compiled for Linux, BSD and Solaris, as well as other Unix like operating systems.

Cross Site Scripting issues has been reported in some versions of thttpd. thttpd fails to check URLs for the presence of script commands when generating error pages, allowing the attacker-supplied code to execute within the context of the hosted site.

It should be noted that this issue was tested on 2.20b, other versions may also be affected by this issue. 

http://www.host.com/<script>[SCRIPT]</script>