header-logo
Suggest Exploit
vendor:
vqServer
by:
SecurityFocus
7.5
CVSS
HIGH
Script Injection
94
CWE
Product Name: vqServer
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux, Microsoft Windows
2002

vqServer Default CGI Scripts Injection Vulnerability

vqServer is a HTTP server implemented in Java. vqServer is available on any architecture supporting Java, including Linux and Microsoft Windows. Reportedly, numerous default CGI scripts included with vqServer suffer from script injection issues, including cross site scripting and the ability to inject script code into cookie content.

Mitigation:

Ensure that all user-supplied input is validated and filtered for malicious content.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/4573/info

vqServer is a HTTP server implemented in Java. vqServer is available on any architecture supporting Java, including Linux and Microsoft Windows.

Reportedly, numerous default CGI scripts included with vqServer suffer from script injection issues, including cross site scripting and the ability to inject script code into cookie content.

http://localhost/cgi/vq/demos/respond.pl<SCRIPT>alert("I%20should%20not%20be%20able%20to%20do%20this!!!")</SCRIPT>

Navigation

Suggest Exploit

Services By CQR