[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

'printenv' XSS vulnerability





***** This writing is part of Malloc() Hackers & Malloc() Security *****
 			http://www.mallochackers.com
			http://www.superw00t.com     
************************************************************************
 	
Title: 'printenv' XSS vulnerability
~~~~~
  	   Author: Dr.Tek of Malloc() 
           ~~~~~~

Contact: "Dr.Tek" - (tek@xxxxxxxxxxxxx)
~~~~~~~

No modification of the contents of this file should be made
without direct consent of the author or of Malloc() hackers or
Malloc() Security.
************************************************************************


'printenv' is a test CGI script that tends to come default with most
Apache installation. Usually located in the "/cgi-bin/" directory.


An XSS vulnerbility exist which will allow anyone to input specially 
crafted links and/or other malicious/obscene scripts.


Example exploitation:

http://www.w00tw00t.com/cgi-bin/printenv/<a href="bad">If you see this 
error, Click here!</a>


Fix:

Since 'printenv' is just an example CGI script that has no real use and 
has its own problems. Just remove it.