CVE-2002-1009

Lil' HTTP Server - Cross-Site Scripting via Name or E-mail Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-1009. PoCs published by Matthew Murphy.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in Lil' HTTP server via the 'pbcgi.cgi' script. The attacker crafts a malicious URL with embedded JavaScript, which executes in the victim's browser when accessed.

Description

Cross-site scripting vulnerability in PowerBASIC pbcgi.cgi, as included in Lil' HTTP web server, allows remote attackers to execute arbitrary web script in other web browsers via the (1) "Name" or (2) "E-mail" parameters.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Matthew Murphy · textremotewindows

https://www.exploit-db.com/exploits/21611

View Code ZIP pw:eip

This exploit demonstrates a cross-site scripting (XSS) vulnerability in Lil' HTTP server via the 'pbcgi.cgi' script. The attacker crafts a malicious URL with embedded JavaScript, which executes in the victim's browser when accessed.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Lil' HTTP server (version not specified)

No auth needed

Prerequisites: Victim must visit the crafted URL

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Vendor Advisory vdb-entry x_refsource_xf

http://www.iss.net/security_center/static/9548.php

Exploit, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/5211

Third Party Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2002-07/0112.html

Scores

EPSS 0.0702

EPSS Percentile 93.3%

Details

Status published

Products (2)

summit_computer_networks/lil_http_server 2.1

summit_computer_networks/lil_http_server 2.2

Published Oct 04, 2002

Tracked Since Feb 18, 2026