Lil’ HTTP Server ‘Referer’ Cross Site Scripting Vulnerability


Lil’ HTTP Server is a lightweight web server. It contains a vulnerability that allows an attacker to insert malicious JavaScript into the Referer header of a request; the script executes when the administrator views the log files.


The information has been provided by SecurITeam Experts.


Issuing the following request:
GET / HTTP/1.0
Referer: <script>alert('vulnerable')</script>

will cause arbitrary JavaScript to execute when the administrator views the log files. Since the scripts run in the My Computer zone, they execute with high privilege settings.
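The fix for this class of bug is to encode client-supplied header values at the point where the log is written. The following is an added example, not Lil’ HTTP Server's own code: it assumes the log is stored as rows of an HTML table, and the function names and the client address are hypothetical.

```python
import html

# Constructed sample: the request shown in the advisory.
SAMPLE_REQUEST = (
    b"GET / HTTP/1.0\r\n"
    b"Referer: <script>alert('vulnerable')</script>\r\n"
    b"\r\n"
)

def parse_request(raw: bytes):
    """Split a raw HTTP request into (request_line, headers dict)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def log_row_unsafe(client_ip, request_line, headers):
    """Vulnerable pattern: client-supplied values copied into HTML as-is."""
    referer = headers.get("referer", "-")
    return f"<tr><td>{client_ip}</td><td>{request_line}</td><td>{referer}</td></tr>"

def encode_field(value: str) -> str:
    """Neutralise a client-controlled value for an HTML log cell."""
    # Replace control characters so a value cannot break the row layout.
    cleaned = "".join(c if c.isprintable() else "?" for c in value)
    # Encode &, <, >, " and ' so the viewer renders text, never markup.
    return html.escape(cleaned, quote=True)

def log_row_safe(client_ip, request_line, headers):
    """Hardened pattern: every field is encoded at the point of output."""
    fields = (client_ip, request_line, headers.get("referer", "-"))
    return "<tr>" + "".join(f"<td>{encode_field(f)}</td>" for f in fields) + "</tr>"

if __name__ == "__main__":
    line, hdrs = parse_request(SAMPLE_REQUEST)
    print(log_row_unsafe("192.0.2.10", line, hdrs))  # markup survives
    print(log_row_safe("192.0.2.10", line, hdrs))    # markup is inert text
```

The request line and every other logged header are just as attacker-controlled as Referer, which is why the hardened row encodes all fields rather than only the one named in this advisory.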

Categories: Windows