Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: General :: ttc.txt

TrackTheClick vulnerability TRACKtheCLICK Script Injection Vulnerabilities 
Discovered By Chris Rahm (aka: BrainRawt) ( <>)

A perl coded CGI that tracks your email, ezine, banner, and web site 
links. TRACKtheCLICK outputs log information to a data file that in
return is viewable in an organized HTML format through the use of
another CGI called admin.cgi.

TRACKtheCLICK can be downloaded from the following address.


Vulnerable Version:
Version 1.0

Vendor Contact:
10-5-03 - Emailed <>

10-10-03 - No Response 

Due to a lack of filtering in click.cgi, scalars $agent and $referer are
vulnerable to script injection. An individual can inject malicious code
to the data file by spoofing their User-Agent: and/or Referer:. When the
data file is opened by admin.cgi, the injected code will be executed by 
that persons browser.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH