TRACKtheCLICK click.cgi XSS

2003-10-13T06:06:24
ID OSVDB:2660
Type osvdb
Reporter OSVDB
Modified 2003-10-13T06:06:24

Description

Vulnerability Description

TRACKtheClick contains a flaw that allows a remote Cross Site Scripting attack. This flaw exists because the application does not validate the agent or referrer variables upon submission in the click.cgi script. This could allow an attacker to send a specially crafted URL request that would execute arbitrary code on the server.

Solution Description

Upgrade to version 1.10.

References:

Secunia Advisory ID: 9997
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-10/0139.html
ISS X-Force ID: 13406
Generic Informational URL: http://www.scripts4webmasters.com/clicktracking/index.shtml