Xitami Error Pages Script Injection

Vendor: Xitami
Reported by: SecurityFocus
CVSS: 7.5 (HIGH)
CWE: 79
Product Name: Xitami
Affected Version From: Xitami 2.5b
Affected Version To: Xitami 2.5b
Patch Exists: YES
Related CVE: CVE-2002-0678
CPE: o:imatix:xitami
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
Year: 2002

Xitami is a web server for Microsoft Windows operating systems. An attacker can construct a URL that causes script code to be embedded in the error pages the server generates. Xitami does not check the request URL for script content when it builds error pages from the sample scripts that use Errors.gsl, so attacker-supplied markup is reflected into the page unmodified (a reflected cross-site scripting condition, CWE-79). As a result, when an unsuspecting user follows such a link, the script runs in the browser within the context of the hosted site.
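The defect described above is the generic "reflect request data into an error page without encoding" pattern. The following is an added example, not Xitami's code and not its Errors.gsl template: it places a constructed host/path pair (derived from the advisory's proof-of-concept URL, which carries the markup in the hostname portion) into a minimal 404 page, once with raw interpolation and once with HTML escaping, and includes a small regression check a template owner can run to confirm that untrusted input no longer reaches the page as live markup. The function names, the page template and the sample values are all assumptions made for this example.

```python
"""Added example (not Xitami's code or its Errors.gsl template): why values
taken from the request must be HTML-escaped before they are written into an
error page.  Sample host/path are constructed from the advisory's PoC URL."""
import html
from urllib.parse import unquote

# Constructed sample input: the hostname and path an attacker-controlled link
# would present to the server, percent-decoded as a server would see them.
SAMPLE_HOST = unquote('www.<IMG%20SRC=""%20ONERROR="alert(document.cookie)">.target.com')
SAMPLE_PATH = "/error404"


def render_404_unescaped(host: str, path: str) -> str:
    """Vulnerable pattern: request-derived values are interpolated into HTML
    as-is, so any tag in the hostname or path lands in the page unchanged."""
    return (
        "<html><body><h1>404 Not Found</h1>"
        f"<p>The URL http://{host}{path} was not found on this server.</p>"
        "</body></html>"
    )


def render_404(host: str, path: str) -> str:
    """Hardened form: every request-derived value is HTML-escaped (quotes
    included) before it is placed in element content, so '<', '>', '&' and
    quotes arrive in the browser as text rather than as markup."""
    safe_host = html.escape(host, quote=True)
    safe_path = html.escape(path, quote=True)
    return (
        "<html><body><h1>404 Not Found</h1>"
        f"<p>The URL http://{safe_host}{safe_path} was not found on this server.</p>"
        "</body></html>"
    )


def reflects_raw_markup(page: str, untrusted: str) -> bool:
    """Regression check for an error-page template: True when an untrusted
    value that contains '<' appears verbatim in the rendered page, i.e. the
    template reflected it without encoding."""
    return "<" in untrusted and untrusted in page


if __name__ == "__main__":
    # Constructed demonstration: the raw template reflects the markup, the
    # escaped template does not.
    for name, fn in (("unescaped", render_404_unescaped), ("escaped", render_404)):
        page = fn(SAMPLE_HOST, SAMPLE_PATH)
        print(f"{name:10s} reflects raw markup: {reflects_raw_markup(page, SAMPLE_HOST)}")
```

`html.escape` is the standard-library call for element content; an attribute value or a JavaScript context would need the encoding appropriate to that context, which is outside what this page covers.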

Mitigation:

Upgrade to Xitami 2.5c or later.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5025/info

Proof-of-concept URL from the original report (the injected markup sits in the hostname portion of the URL):

http://www.<IMG%20SRC=""%20ONERROR="alert(document.cookie)">.target.com/error404