header-logo
Suggest Exploit
vendor:
Lil' HTTP Server
by:
Matthew Murphy
7.5
CVSS
HIGH
Cross-Site Scripting (XSS)
79
CWE
Product Name: Lil' HTTP Server
Affected Version From: 1
Affected Version To: 1
Patch Exists: YES
Related CWE: CVE-2002-1390
CPE: a:summit_computer_networks:lil_http_server
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2002

Lil’ HTTP Server Cross-Site Scripting Vulnerability

Lil' HTTP server is vulnerable to Cross-Site Scripting (XSS) attacks due to insufficient input validation. An attacker can construct a malicious URL containing scripting code that will be executed in the user's browser when the URL is accessed.

Mitigation:

Input validation should be performed on all user-supplied data to ensure that it does not contain malicious code.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5211/info

Lil' HTTP server is a web server application for Windows environments and is maintained by Summit Computer Networks.

It is possible for attackers to construct a URL to the 'pbcgi.cgi' script which includes scripting code to execute in a user's browser. As a result, when an innocent user follows such a link, the script code will execute within the context of the hosted site. 

http://localhost:81/pbcgi.cgi?name=Matthew%20Murphy&email=%3CSCRIPT%3Ealert%28%27xss%27%29%3B%3C%2FSCRIPT%3E

Navigation

Suggest Exploit

Services By CQR