XSS in Python Documentation Server

2003-04-05T00:00:00
ID SECURITYVULNS:DOC:4329
Type securityvulns
Reporter Securityvulns
Modified 2003-04-05T00:00:00

Description

=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::= topic: XSS in Python Documentation Server product: Python 2.2.2 and 2.3a2 for Win32 vendor: http://www.python.org risk: low date: 04/02/2k3 tested platform: Windows 98 Second Edition discovered by: euronymous /F0KP advisory urls: http://f0kp.iplus.ru/bz/020.en.txt http://f0kp.iplus.ru/bz/020.ru.txt contact email: euronymous@iplus.ru =:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=

description

Python Documentation Server is listen on port 7464. You can exploit cross-site scripting bug with error page of this server:

http://hostname:7464/<script>very_evil_code</script>

shouts: R00tC0de, DWC, DHG, HUNGOSH, security.nnov.ru, all russian security guyz!! to kate especially )) fck_off: slavomira and other dirty ppl in .kz $#%&^! k0dsweb f*cking team

================ im not a lame, not yet a hacker ================