TclHttpd debug Module XSS

2003-09-23T00:00:00
ID OSVDB:3765
Type osvdb
Reporter Phuong Nguyen(dphuong@yahoo.com)
Modified 2003-09-23T00:00:00

Description

Vulnerability Description

TclHttpd contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate variables upon submission to the debug module. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): Disable debug module.

Short Description

TclHttpd contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate variables upon submission to the debug module. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[victim]/debug/echo?name=<script>alert('hello');</script> http://[victim]/debug/dbg?host=<script>alert('hello');</script> http://[victim]/debug/showproc?proc=<script>alert('hello');</script> http://[victim]/debug/errorInfo?title=<script>alert('hello');</script>

References:

Vendor URL: http://www.tcl.tk/software/tclhttpd Secunia Advisory ID:9849 Related OSVDB ID: 3761 Related OSVDB ID: 3767 Related OSVDB ID: 3762 Related OSVDB ID: 3766 Other Advisory URL: http://archives.neohapsis.com/archives/bugtraq/2003-09/0382.html ISS X-Force ID: 13275 Bugtraq ID: 8688