‘Bajie HTTP Server Cross-Site Scripting Vulnerability’

Summary

Bajie server is ‘a fast JSP/servlet engine and a stand-alone HTTP web server. It is the smallest of this kind. It supports a wide range of features. It can also act as a servlet/JSP engine plugin for Apache or IIS via AJP’. A cross-site scripting vulnerability in the product allows remote attackers to insert malicious HTML and JavaScript into the error message shown by the product.

Credit:

‘The information has been provided by Luca Ercoli.’


Details

Vulnerable systems:
 * Bajie HTTP Web Server version 0.95zxe
 * Bajie HTTP Web Server version 0.95zxc

Exploit:
http://bajieserver/< script>alert(‘Bajie is not secure’)</script>
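
The fix for this class of bug is to HTML-encode the requested path before it is written into the error page. The following is an added example, not Bajie source code and not part of the original advisory: the class name, method names and error-page wording are hypothetical, and the sample path is constructed from the URL above.

```java
// Added illustration; not Bajie source code. All names here are hypothetical.
public class ErrorPageEscaping {

    // Weak form: the requested path is copied into the HTML body as-is,
    // so markup in the URL becomes markup in the error page.
    static String unsafeNotFound(String requestedPath) {
        return "<html><body><h1>404 Not Found</h1><p>" + requestedPath
                + " was not found on this server.</p></body></html>";
    }

    // Encode the five characters that are significant in HTML text
    // and in quoted attribute values.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Hardened form: same page, but the reflected value is encoded first,
    // so the browser renders it as text instead of parsing it as markup.
    static String safeNotFound(String requestedPath) {
        return "<html><body><h1>404 Not Found</h1><p>" + escapeHtml(requestedPath)
                + " was not found on this server.</p></body></html>";
    }

    public static void main(String[] args) {
        // Constructed sample input modelled on the request path in the advisory.
        String path = "/<script>alert('Bajie is not secure')</script>";
        String weak = unsafeNotFound(path);
        String hardened = safeNotFound(path);
        System.out.println("weak page has live <script> tag:     " + weak.contains("<script>"));
        System.out.println("hardened page has live <script> tag: " + hardened.contains("<script>"));
        System.out.println(hardened);
    }
}
```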
