lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20041130210254.eb93a318@mail.kurczaba.com>
Date: Tue, 30 Nov 2004 21:02:54 -0500
From: Kurczaba Associates advisories <advisories@...czaba.com>
To: bugtraq@...urityfocus.com
Subject: [KA Advisory 0411291] IPCop Cross Site Scripting Vulnerability in
	"proxylog.dat"


IPCop Cross Site Scripting Vulnerability in "proxylog.dat"
http://www.kurczaba.com/html/security/0411291.htm
----------------------------------------------------------

Overview:
"IPCop implements existing technology, secure programming practices and outstanding new concepts to make it ‘the’ Linux Distribution for protecting single home computers, to large corporate networks from intrusions and attacks." -http://www.ipcop.org

Vendor:
IPCop (http://www.ipcop.org)

Affected Systems/Configuration:
1.4.1, possibly older versions

Vulnerability/Exploit:
A Cross Site Scripting vulnerability has been found in the IPCop web interface. The "proxylog.dat" page allows the IPCop administrators to review browsed websites that have been processed through Squid. By creating a specially crafted HTTP request, it is possible to inject script code into the "proxylog.dat" page. The variables "$url" and "$part" are not sanitized before being sent to the user. When the administrators view the page, the script code will be executed.

Proof of Concept:
The following HTTP request example will cause script injection into the proxy log:
-----START PoC-----
GET /<script>alert('XSS_PoC')</script> HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: example.com
Connection: Close


-----END PoC-------

  	 
Workaround:
1) Open /home/httpd/cgi-bin/logs.cgi/proxylog.dat
2) Locate the following text: unless (length($part) < 60) { $part = "${part}..."; }
3) Insert the following five lines below:
#Filter out < and >
$url =~s/</&lt;/g;
$part =~s/</&lt;/g;
$url =~s/>/&gt;/g;
$part =~s/>/&gt;/g; 	 

Date Discovered:
November 29, 2004

Severity:
Low

Credit:
Paul Kurczaba
Kurczaba Associates

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ