SHUT UP PDP SEND XSS TO SECURITY BASICS
On 10/22/07, SkyOut <[EMAIL PROTECTED]> wrote:
>
> -----------------------------
> || WWW.SMASH-THE-STACK.NET ||
> -----------------------------
>
> || ADVISORY: IFNET.IT WEBIF XSS VULNERABILITY
>
> _____________________
> || 0x00: ABOUT ME
> || 0x01: DATELINE
> || 0x02: INFORMATION
> || 0x03: EXPLOITATION
> || 0x04: GOOGLE DORK
> || 0x05: RISK LEVEL
> ____________________________________________________________
> ____________________________________________________________
>
> _________________
> || 0x00: ABOUT ME
>
> Author: SkyOut
> Date: October 2007
> Contact: skyout[-at-]smash-the-stack[-dot-]net
> Website: www.smash-the-stack.net
>
> _________________
> || 0x01: DATELINE
>
> 2007-10-15: Bug found
> 2007-10-15: Email with notification sent to ifnet.it
> 2007-10-21: Still no reaction from ifnet.it
> 2007-10-22: Advisory released
>
> ____________________
> || 0x02: INFORMATION
>
> In the WEBIF product by the Italian company ifnet, an error
> occurs due to the fact of an unfiltered variable (cmd) in the
> webif.exe program. It is possible to execute any JavaScript code
> by manipulating the parameter.
>
> _____________________
> || 0x03: EXPLOITATION
>
> To exploit this bug no exploit is needed, all can be done through
> manipulation of the given URL:
>
> STEP 1:
> Go to the standard page of the WEBIF product, normally existing
> at "/cgi-bin/webif.exe". You will recognize some further parameters,
> being "cmd", "config" and "outconfig".
>
> STEP 2:
> Don't change any parameter instead of the "cmd" one. Change its value
> to any JavaScript code you like. For our demo we will use the default
> one, being "<script>alert('XSS');</script>".
>
> STEP 3:
> Click ENTER and execute the code. A successful demonstration will
> pop up a window.
>
> EXAMPLE:
> http://example.com/webif/cgi-bin/webif.exe?cmd=<script>alert('XSS');</script>&config=[ * ]&outconfig=[ * ]
>
> [ * ] = Depends on the server. Don't change this!
>
> ____________________
> || 0x04: GOOGLE DORK
>
> inurl:"/cgi-bin/webif/" intitle:"WEBIF"
>
> ___________________
> || 0x05: RISK LEVEL
>
> - LOW - (1/3) -
>
> <!> Happy Hacking <!>
>
> ____________________________________________________________
> ____________________________________________________________
>
> THE END
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
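
The quoted advisory attributes the bug to an unfiltered `cmd` variable that webif.exe reflects into the page. The following is an added example, not code from the advisory or from ifnet: one way a CGI handler can validate `cmd` against an allowlist and HTML-encode it before echoing it. The allowlist format, the function names and the `status` command used in testing are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* HTML-encode src into dst; returns 0, or -1 if dst is too small. */
int html_escape(const char *src, char *dst, size_t dstlen) {
    size_t o = 0;
    for (; *src; src++) {
        const char *rep = NULL;
        switch (*src) {
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '&':  rep = "&amp;";  break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        }
        size_t n = rep ? strlen(rep) : 1;
        if (o + n >= dstlen) return -1;      /* keep room for the NUL */
        if (rep) memcpy(dst + o, rep, n); else dst[o] = *src;
        o += n;
    }
    dst[o] = '\0';
    return 0;
}

/* Assumed allowlist for cmd: 1..32 characters of [A-Za-z0-9_]. */
int cmd_is_valid(const char *cmd) {
    size_t n = strlen(cmd);
    if (n == 0 || n > 32) return 0;
    for (size_t i = 0; i < n; i++)
        if (!isalnum((unsigned char)cmd[i]) && cmd[i] != '_') return 0;
    return 1;
}

/* Build the HTML fragment that mentions cmd; returns 0 if accepted, 1 if rejected. */
int render_cmd(const char *cmd, char *out, size_t outlen) {
    char safe[256];
    if (cmd_is_valid(cmd)) {
        snprintf(out, outlen, "<p>Running: %s</p>", cmd);
        return 0;
    }
    /* Rejected input is only ever echoed in encoded form, or not at all. */
    if (html_escape(cmd, safe, sizeof safe) != 0)
        snprintf(out, outlen, "<p>Invalid cmd</p>");
    else
        snprintf(out, outlen, "<p>Invalid cmd: %s</p>", safe);
    return 1;
}
```

With the advisory's demo value as input, the fragment contains only entity-encoded text, so the browser renders it as characters instead of parsing a script element.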