CVE-2002-0148

Internet Information Server 4.0-5.1 - Cross-Site Scripting via HTTP Error Page

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0148. PoCs published by Thor Larholm.

AI-analyzed exploit summary This exploit demonstrates a Cross-Site Scripting (XSS) vulnerability in IIS error pages, where unsanitized user input is reflected in the HTTP error response. The PoC constructs a malicious URL that executes arbitrary JavaScript in the context of the vulnerable site.

Description

Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Thor Larholm · textremotewindows

https://www.exploit-db.com/exploits/21372

View Code ZIP pw:eip

This exploit demonstrates a Cross-Site Scripting (XSS) vulnerability in IIS error pages, where unsanitized user input is reflected in the HTTP error response. The PoC constructs a malicious URL that executes arbitrary JavaScript in the context of the vulnerable site.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Internet Information Services (IIS)

No auth needed

Prerequisites: Vulnerable IIS server · User interaction (clicking a malicious link)

MITRE ATT&CK