Bugs item #1100201, was opened at 2005-01-11 16:04
Message generated for change (Comment added) made by birkenfeld
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1100201&group_id=5470
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.

Category: Extension Modules
Group: Python 2.3
>Status: Closed
>Resolution: Fixed
Priority: 5
Submitted By: Paul Johnston (paj28)
>Assigned to: Reinhold Birkenfeld (birkenfeld)
Summary: Cross-site scripting on BaseHTTPServer

Initial Comment:
Hi,

There is a minor XSS flaw in BaseHTTPServer, in the default error message, if
you try connecting with a bad method name, e.g.:

pugsley:/srv/www/htdocs # telnet risk 8000
Trying 192.168.3.52...
Connected to risk.
Escape character is '^]'.
<SCRIPT>alert('hello')</SCRIPT> / HTTP/1.0
HTTP/1.0 501 Unsupported method ("<SCRIPT>alert('hello')</SCRIPT>")
Server: SimpleHTTP/0.6 Python/2.3.4
Date: Tue, 11 Jan 2005 15:02:48 GMT
Content-Type: text/html
Connection: close

<head>
<title>Error response</title>
</head>
<body>
<h1>Error response</h1>
<p>Error code 501.
<p>Message: Unsupported method ("<SCRIPT>alert('hello')</SCRIPT>").
<p>Error code explanation: 501 = Server does not support this operation.
</body>
Connection closed by foreign host.

This is not likely to be a major security risk, but ideally it should be
fixed. In addition it may be that other error messages exhibit this flaw; I
haven't done a code audit.

Credit for discovery: Richard Moore

Best wishes,

Paul

----------------------------------------------------------------------

>Comment By: Reinhold Birkenfeld (birkenfeld)
Date: 2005-06-26 23:35

Message:
Logged In: YES
user_id=1188172

Thanks for the report. This is fixed as of Lib/BaseHTTPServer.py r1.30,
r1.29.4.1.

----------------------------------------------------------------------

_______________________________________________
Python-bugs-list mailing list
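Added example, not part of the tracker message above and not Python's own 2.3 source: the script below drives http.server's BaseHTTPRequestHandler offline with the exact request line from the report, so the reflection can be checked without a listening socket. Python23StyleHandler is a reconstruction of the pre-fix send_error() logic the report describes (message interpolated into the HTML template verbatim); FixedHandler simply inherits the current send_error(), which runs the message through html.escape() before interpolation. The fake connection, the request bytes and the helper names (handle_offline, reflects_unescaped) are this example's own constructions.

```python
import io
from http.server import BaseHTTPRequestHandler

# Constructed request, copied from the report's telnet session: HTML in the
# method position, a path, HTTP/1.0, then the blank line that ends the headers.
CONSTRUCTED_REQUEST = b"<SCRIPT>alert('hello')</SCRIPT> / HTTP/1.0\r\n\r\n"
PAYLOAD = "<SCRIPT>alert('hello')</SCRIPT>"


class _CaptureWriter(io.RawIOBase):
    """Write end of the fake connection; appends everything to a shared bytearray."""

    def __init__(self, sink):
        super().__init__()
        self._sink = sink

    def writable(self):
        return True

    def write(self, data):
        self._sink += bytes(data)
        return len(data)


class _FakeConnection:
    """Just enough of a socket for StreamRequestHandler.setup()/finish() to run offline."""

    def __init__(self, raw_request):
        self._rfile = io.BytesIO(raw_request)
        self.sent = bytearray()

    def makefile(self, mode, bufsize=-1):
        return self._rfile if "r" in mode else _CaptureWriter(self.sent)

    def sendall(self, data):  # used by http.server's unbuffered socket writer
        self.sent += bytes(data)

    def settimeout(self, value):
        pass

    def setsockopt(self, *args):
        pass


class Python23StyleHandler(BaseHTTPRequestHandler):
    """Reconstruction (assumption, not the 2.3 source) of the pre-fix behaviour:
    send_error() interpolates the caller-controlled message into the HTML template."""

    def log_message(self, fmt, *args):  # keep stderr quiet
        pass

    def send_error(self, code, message=None, explain=None):
        short, long_ = self.responses.get(code, ("???", "???"))
        if message is None:
            message = short
        if explain is None:
            explain = long_
        # No escaping: the method name from the request line lands in the page as-is.
        content = self.error_message_format % {
            "code": code, "message": message, "explain": explain}
        self.send_response(code, message)
        self.send_header("Content-Type", self.error_content_type)
        self.send_header("Connection", "close")
        self.end_headers()
        if self.command != "HEAD" and code >= 200 and code not in (204, 304):
            self.wfile.write(content.encode("utf-8", "replace"))


class FixedHandler(BaseHTTPRequestHandler):
    """Inherits the current send_error(), which html.escape()s message and explanation."""

    def log_message(self, fmt, *args):
        pass


def handle_offline(handler_class, raw_request=CONSTRUCTED_REQUEST):
    """Feed one request through handler_class; return (status code, decoded body)."""
    conn = _FakeConnection(raw_request)
    handler_class(conn, ("127.0.0.1", 0), None)  # the constructor runs setup/handle/finish
    head, _, body = bytes(conn.sent).partition(b"\r\n\r\n")
    status = int(head.split(b" ", 2)[1])
    return status, body.decode("utf-8", "replace")


def reflects_unescaped(body, payload=PAYLOAD):
    """The check a tester wants: does the raw markup come back verbatim in the HTML body?
    Looking for '<' alone would be wrong, since the template itself contains tags."""
    return payload in body


if __name__ == "__main__":
    for cls in (Python23StyleHandler, FixedHandler):
        status, body = handle_offline(cls)
        print(cls.__name__, status, "unescaped reflection:", reflects_unescaped(body))
```

Both handlers answer 501; only the reconstruction returns the `<SCRIPT>` tag intact, while the current code returns `&lt;SCRIPT&gt;...&lt;/SCRIPT&gt;`. Note that the status line (`HTTP/1.0 501 Unsupported method ("...")`) still carries the raw method name in both cases; that is not an HTML context, and the method cannot contain whitespace or CRLF because the request line is split on whitespace. Any other request bytes can be passed to handle_offline to check other error paths the same way.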