Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: Servers :: bajiexss.txt

CSS Vulnerability in Bajie HTTP JServer

CSS Vulnerability in Bajie HTTP JServer

Even though the cross-site-scripting vulnerability published under BID 7344
was fixed with 
Built 0.95zxe1, the current version of Bajie HTTP Jserver is still
vulnerable to 
cross-site-scripting attacks. 

Vulnerable versions:

The latest version BajieJSrv/0.95zxv4 and probably older ones.


The cross side scripting vulnerability can easily be demonstrated with a web

alert(document.cookie)</script"http://localhost/cgi/bin/test.txt?<script>alert(document.cookie)</script <http://localhost/cgi/bin/test.txt?<script>>

The following css's can be demonstrated either by inserting code into the
with a browser,or sending via netcat a string like:

POST /servlet/custMsg?guestName=<script>alert("bang")</script> HTTP/1.0



Name: Gang Zhang ( <>)
Homepage: <>

Discovered by/Credit:

16.10.2003 Oliver Karow (oliver.karow[at]

NEU FR ALLE - GMX MediaCenter - fr Fotos, Musik, Dateien...
Fotoalbum, File Sharing, MMS, Multimedia-Gru, GMX FotoService

Jetzt kostenlos anmelden unter <>

+++ GMX - die erste Adresse fr Mail, Message, More! +++

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH