NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 2003-03

[SCSA-013] Cross Site Scripting vulnerability in testcgi.exe

From: Grégory (gregory.lebrassecurity-corporation.com)
Date: Thu Mar 27 2003 - 08:38:05 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

________________________________________________________________________

Security Corporation Security Advisory [SCSA-013]
________________________________________________________________________

PROGRAM: Ceilidh
HOMEPAGE: http://www.lilikoi.com
VULNERABLE VERSIONS: 2.70 and prior
________________________________________________________________________

DESCRIPTION
________________________________________________________________________

"Ceilidh is a Web-based threaded discussion engine that features
automatic text to HTML conversion, file attachment, e-mail
notification, automatic message expiration, multiple levels of
security and much more."
(direct quote from http://www.lilikoi.com)

DETAILS & EXPLOITS
________________________________________________________________________

¤ Cross Site Scripting :

A exploitable bug was found on Ceilidh which cause script
execution on client's computer by following a crafted url.

This kind of attack known as "Cross-Site Scripting Vulnerability" is
present in testcgi.exe file, an attacker can input specially crafted
links and/or other malicious scripts.

- Exploits :

http://[target]/cgi-bin/testcgi.exe?[hostile_code]

The hostile code could be :

[script]alert("Cookie="+document.cookie)[/script]

(open a window with the cookie of the visitor.)

(replace [] by <>)

SOLUTIONS
________________________________________________________________________

No solution for the moment.

VENDOR STATUS
________________________________________________________________________

The vendor has reportedly been notified.

LINKS
________________________________________________________________________

- http://www.security-corp.org/index.php?ink=4-15-1

- Version Française :
http://www.security-corporation.com/index.php?id=advisories&a=013-FR

------------------------------------------------------------------------
Grégory Le Bras aka GaLiaRePt | http://www.Security-Corporation.com
------------------------------------------------------------------------

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]