Lil’ HTTP Server ‘Referer’ Cross Site Scripting Vulnerability

Summary

Lil’ HTTP Server is a lightweight web server. The server contains a vulnerability that allows an attacker to insert malicious JavaScript into the Referer header of a request; the script is executed when the administrator views the log files.

Credit:

The information has been provided by SecurITeam Experts.


Details

Example:
Issuing the following request:
GET / HTTP/1.0
Referer: <script>alert('vulnerable')</script>

Will cause arbitrary JavaScript to execute when the administrator views the log files. Because the scripts run in the My Computer zone, they execute with high privilege settings.
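The root cause, and the fix on the logging side, can be shown with a small added example (not Lil’ HTTP Server's own code). It assumes the log is written as rows of an HTML table, which the advisory does not state; the function names and the client address are hypothetical.

```python
import html

# Constructed sample request matching the advisory's example.
SAMPLE_REQUEST = (
    "GET / HTTP/1.0\r\n"
    "Referer: <script>alert('vulnerable')</script>\r\n"
    "\r\n"
)

def parse_request(raw):
    """Split a raw HTTP request into (request_line, headers dict)."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def log_row_unsafe(client_ip, raw):
    """Vulnerable pattern: the header value is copied verbatim into the HTML log."""
    request_line, headers = parse_request(raw)
    referer = headers.get("referer", "-")
    return f"<tr><td>{client_ip}</td><td>{request_line}</td><td>{referer}</td></tr>"

def sanitize(value, limit=512):
    """Drop control characters, cap the length, then HTML-encode the rest."""
    printable = "".join(ch for ch in value if ch.isprintable())
    return html.escape(printable[:limit], quote=True)

def log_row_safe(client_ip, raw):
    """Hardened pattern: every request-derived field is encoded before it is logged."""
    request_line, headers = parse_request(raw)
    referer = headers.get("referer", "-")
    cells = (client_ip, request_line, referer)
    return "<tr>" + "".join(f"<td>{sanitize(c)}</td>" for c in cells) + "</tr>"

if __name__ == "__main__":
    # 192.0.2.10 is a documentation address used as a constructed client IP.
    print(log_row_unsafe("192.0.2.10", SAMPLE_REQUEST))
    print(log_row_safe("192.0.2.10", SAMPLE_REQUEST))
```

The same encoding applies to every other request-controlled field that reaches the log, such as the request line and User-Agent.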

Categories: Windows