CGI-City's CCLOG USER-AGENT and REFERER Script Injection Vulnerabilities

Discovered By BrainRawt (brainrawtat_private)

About CCLOG:
------------------
CC Log is a very simple logging script which logs the hits to a single web page. This script is typically useful for logging the hits to the main index page. It collects information like the date and time of the hit, the browser agent used by the visitor, host IP addresses, and the HTTP referrer whenever available. The script logs everything to an HTML log file which the user can easily view in any browser. This script requires SSI.

CCLOG can be downloaded from the following address.
http://www.icthus.net/CGI-City/scr_cgicity.shtml#CCLOG

Vendor Contact:
----------------
1-30-03 Emailed cgicityat_private
No Response

Vulnerability:
----------------
CCLOG's cc_log.pl does not filter any of the data coming in from the remote host. This data is in turn written to the HTML log file. Because of the lack of input filters, a malicious visitor could inject script into that HTML file by falsifying the USER-AGENT and/or the REFERER. The injected script would then be executed by the browser of anyone who views the HTML file.

Exploit (POC):
----------------
User-Agent: <script>alert('obvious?')</script>
Referer: <script>alert('obvious?')</script>
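The fix for the behaviour described above is to HTML-encode every client-supplied value before it is written to the log page. The Perl below is an added example, not code from cc_log.pl or from the advisory's author; the row layout, the function names and the sample address are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example, not CCLOG's code: build one HTML log row from CGI environment
# values, first without and then with output encoding.
use strict;
use warnings;

# The five characters that let a value break out of HTML text or a quoted
# attribute. All are replaced in a single pass, so nothing is double-encoded.
my %ENTITY = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
              '"' => '&quot;', "'" => '&#39;');

sub html_escape {
    my ($value) = @_;
    $value = '' unless defined $value;          # header may be absent
    $value =~ s/[\x00-\x1f\x7f]//g;             # keep each value on one log line
    $value =~ s/([&<>"'])/$ENTITY{$1}/g;
    return $value;
}

# Hypothetical row layout; the advisory does not show the real log format.
# This variant interpolates the values as received, which is the flaw described.
sub log_row_unsafe {
    my ($when, $ip, $agent, $referer) = @_;
    return "<tr><td>$when</td><td>$ip</td><td>$agent</td><td>$referer</td></tr>\n";
}

# Same row, but every cell is encoded before it reaches the HTML file.
sub log_row_safe {
    my @cells = map { '<td>' . html_escape($_) . '</td>' } @_;
    return '<tr>' . join('', @cells) . "</tr>\n";
}

# Constructed request values; the two headers are the PoC strings from the
# advisory, the address is a documentation-range placeholder.
my %env = (
    REMOTE_ADDR     => '192.0.2.10',
    HTTP_USER_AGENT => q{<script>alert('obvious?')</script>},
    HTTP_REFERER    => q{<script>alert('obvious?')</script>},
);
my @fields = (scalar(localtime), @env{qw(REMOTE_ADDR HTTP_USER_AGENT HTTP_REFERER)});

print "unfiltered: ", log_row_unsafe(@fields);
print "encoded:    ", log_row_safe(@fields);
```

In a real CGI script the values would come from %ENV rather than the constructed hash. The encoded row shows the header text literally in the log page instead of handing it to the browser as markup.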
This archive was generated by hypermail 2b30 : Sat Mar 29 2003 - 12:05:53 PST