From: Matthew Murphy (mattmurphy_at_kc.rr.com)
Date: Thu Jul 11 2002 - 10:58:23 CDT


    Recently, I reported on a vulnerability in the Urlcount.cgi script of
    Lil'HTTP Server (Summit Computer Networks). This time, another
    CGI (pbcgi.cgi) has been found vulnerable to cross-site scripting.

    Some versions of this CGI will take the form input you POST/GET
    to it, and break it into name/e-mail. It does not properly sanitize
    the input used in this process, making it vulnerable to cross-site
    scripting attacks.

    Although the entire form data string is not decoded (and thus is
    not vulnerable to XSS in most browsers), the "Name" and "E-mail"
    strings that the CGI creates ARE decoded, resulting in a security
    issue:

    http://localhost:81/pbcgi.cgi?name=Matthew%20Murphy&email=%3CSCRIPT%3Ealert%28%27xss%27%29%3B%3C%2FSCRIPT%3E

    Given the lack of a response from PowerBASIC with my previous
    issue, I do not expect the vendor to release a fix anytime soon.

    Vulnerable administrators should remove the pbcgi.cgi application
    from their CGI-BIN folder.

    "The reason the mainstream is thought
    of as a stream is because it is
    so shallow."
                         - Author Unknown
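As an added illustration, not part of Murphy's post or of the pbcgi.cgi code itself, the Python below models the behaviour the advisory describes: the raw form string is echoed still percent-encoded (so no literal markup reaches the browser), while the name and e-mail fields the CGI splits out are decoded and, in the vulnerable form, reflected verbatim. The hardened variant HTML-escapes each decoded field before reflecting it. The function names, the page layout and the check helper are assumptions for this example.

```python
from html import escape
from urllib.parse import parse_qs

# Constructed query string modelled on the request shown in the advisory.
QUERY = ("name=Matthew%20Murphy"
         "&email=%3CSCRIPT%3Ealert%28%27xss%27%29%3B%3C%2FSCRIPT%3E")


def split_form(query: str) -> dict:
    """Break the form data into name/e-mail, percent-decoding each field.

    This mirrors the step the advisory says pbcgi.cgi performs: the
    individual fields come out decoded even though the whole string
    was never decoded.
    """
    fields = parse_qs(query, keep_blank_values=True)
    return {
        "name": fields.get("name", [""])[0],
        "email": fields.get("email", [""])[0],
    }


def render_unsafe(query: str) -> str:
    """Vulnerable rendering: decoded fields are reflected without escaping."""
    f = split_form(query)
    return (f"<p>Raw: {query}</p>"          # still %-encoded, inert in HTML
            f"<p>Name: {f['name']}</p>"     # decoded, reflected verbatim
            f"<p>E-mail: {f['email']}</p>")


def render_safe(query: str) -> str:
    """Hardened rendering: every decoded field is HTML-escaped first."""
    f = split_form(query)
    return (f"<p>Raw: {escape(query)}</p>"
            f"<p>Name: {escape(f['name'])}</p>"
            f"<p>E-mail: {escape(f['email'])}</p>")


def reflects_script_tag(rendered: str) -> bool:
    """Detection check: does a literal <script> element survive into the page?"""
    return "<script" in rendered.lower()


if __name__ == "__main__":
    print("unsafe reflects tag:", reflects_script_tag(render_unsafe(QUERY)))
    print("safe reflects tag:  ", reflects_script_tag(render_safe(QUERY)))
```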