Index Server cross-site scripting vulnerability (.htw)
28 Oct. 2000
Summary
Attackers can force the Index Server to return arbitrary HTML content to a target client. This enables an attack that steals cookies or other sensitive information: the HTTP communication appears to be between the target client and the Index Server, when the returned content is in fact controlled by the attacker.
This vulnerability poses a great security risk, especially if the browser's JavaScript has been enabled (The problem is even greater in IE).
Credit:
The information has been provided by Georgi Guninski.
When a user clicks on a link, visits a hostile web page or opens HTML email, a target Index Server can be made to return malicious active content. The bug is in the Index Server, but it affects end users. A typical exploit scenario would be stealing cookies that may contain sensitive information.
By embedding this URL in a link or a script, an attacker can launch arbitrary code on a client browser (that has its JavaScript feature enabled), where the code will actually come from the Index Server.
If /default.htm does not exist, another document must be specified (the file must exist).
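A log triage check for the behaviour described above, added here as an example and not part of the original advisory: it scans W3C extended web server log lines for requests to `.htw` resources whose query string carries HTML markup after decoding. The log lines, the `/sample.htw` path and the `file`/`q` parameter names are constructed placeholders, not Index Server's own.

```python
import re
from urllib.parse import unquote_plus

# Markup that has no business in a hit-highlighting (.htw) query string.
# Triage heuristic: a search for "a<b" also matches and needs a human look.
ACTIVE = re.compile(r"<\s*[a-z/!]|javascript\s*:", re.I)

def decode_fully(value, max_rounds=3):
    """Undo nested percent-encoding (%253C -> %3C -> <), bounded in depth."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_htw_requests(lines):
    """Yield (client_ip, stem, decoded_query) for .htw requests carrying markup."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        stem = row.get("cs-uri-stem", "")
        query = row.get("cs-uri-query", "-")
        if not stem.lower().endswith(".htw") or query == "-":
            continue
        decoded = decode_fully(query)
        if ACTIVE.search(decoded):
            yield row.get("c-ip", "?"), stem, decoded

# Constructed sample log (placeholder path and parameter names).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2000-10-28 10:00:01 192.0.2.10 GET /sample.htw file=/default.htm&q=budget+report 200
2000-10-28 10:00:05 192.0.2.77 GET /sample.htw file=/default.htm&q=%3Cscript%3Ealert(1)%3C/script%3E 200
2000-10-28 10:00:09 192.0.2.78 GET /search/SAMPLE.HTW file=/default.htm&q=%253Cimg+src%253Dx%253E 200
2000-10-28 10:00:12 192.0.2.10 GET /default.htm q=%3Cb%3E 200
""".splitlines()

if __name__ == "__main__":
    for ip, stem, query in suspicious_htw_requests(SAMPLE_LOG):
        print(f"{ip}\t{stem}\t{query}")
```

Hits from this check identify which clients were sent a crafted link and which `.htw` resource reflected it; they do not by themselves show that script ran in a browser.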