header-logo
Suggest Exploit
vendor:
Null HTTPd
by:
SecurityFocus
7.5
CVSS
HIGH
Script Injection
94
CWE
Product Name: Null HTTPd
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux, Windows
2002

NullLogic Null HTTPd Script Injection Vulnerability

NullLogic Null HTTPd is a small multithreaded webserver for Linux and Windows. It is possible for attackers to construct a URL that will cause scripting code to be embedded in error pages. As a result, when an innocent user follows such a link, the script code will execute within the context of the hosted site.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in webpages.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5603/info

NullLogic Null HTTPd is a small multithreaded webserver for Linux and Windows.

It is possible for attackers to construct a URL that will cause scripting code to be embedded in error pages. As a result, when an innocent user follows such a link, the script code will execute within the context of the hosted site. 

http://localhost/a?x=<SCRIPT>alert(document.URL)</SCRIPT>