oss-sec mailing list archives

CVE request: XSS on Monkey HTTPD - dirlisting plugin


From: Felipe Pena <felipensp () gmail com>
Date: Fri, 14 Jun 2013 14:21:34 -0300

A vulnerability was found in the Monkey HTTP - dirlisting plugin, which does not
filter file names before printing them on the HTML page and is hence vulnerable to an XSS attack.

PoC
----
$ touch "' onmouseover='alert(1);"


Report
------
http://bugs.monkey-project.com/ticket/185


CREDITS
-------
Felipe Pena

--
Regards,
Felipe Pena
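
The class of fix the report above calls for, as an added example that is not part of the original message and not Monkey's own code: a directory-listing row rendered with and without HTML-escaping of the file name. The function names and the link markup are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* HTML-escape src into dst (capacity n). Returns 0, or -1 if it does not fit. */
int html_escape(const char *src, char *dst, size_t n)
{
    size_t o = 0;
    if (n == 0) return -1;
    for (; *src; src++) {
        char one[2] = { *src, '\0' };
        const char *rep = *src == '&'  ? "&amp;"  : *src == '<' ? "&lt;" :
                          *src == '>'  ? "&gt;"   : *src == '"' ? "&quot;" :
                          *src == '\'' ? "&#39;"  : one;
        size_t len = strlen(rep);
        if (o + len >= n) return -1;      /* keep room for the terminator */
        memcpy(dst + o, rep, len);
        o += len;
    }
    dst[o] = '\0';
    return 0;
}

/* Unfiltered row, the behaviour the report describes: name printed verbatim. */
int render_row_raw(const char *name, char *out, size_t n)
{
    int w = snprintf(out, n, "<a href='./%s'>%s</a>", name, name);
    return (w < 0 || (size_t)w >= n) ? -1 : 0;
}

/* Hardened row: the name is escaped before it reaches attribute or text. */
int render_row(const char *name, char *out, size_t n)
{
    char esc[1024];
    if (html_escape(name, esc, sizeof esc) != 0) return -1;  /* refuse, never truncate */
    int w = snprintf(out, n, "<a href='./%s'>%s</a>", esc, esc);
    return (w < 0 || (size_t)w >= n) ? -1 : 0;
}

int main(void)
{
    const char *name = "' onmouseover='alert(1);";   /* file name from the PoC */
    char out[512];
    if (render_row_raw(name, out, sizeof out) == 0) printf("raw:     %s\n", out);
    if (render_row(name, out, sizeof out) == 0)     printf("escaped: %s\n", out);
    return 0;
}
```

The `./` prefix keeps a name containing a colon from being parsed as a URL scheme; names containing `?` or `#` would also need percent-encoding in the href for the link to resolve.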

