
DCSlib : Apache Printenv XSS vulnerability



 ***** This writing is part of Malloc() Hackers & Malloc() Security *****
  			http://www.mallochackers.com
 			http://www.superw00t.com
 ************************************************************************

 Title: 'printenv' XSS vulnerability
 ~~~~~
 Author: Dr.Tek of Malloc()
 ~~~~~~

 Contact: "Dr.Tek" - (tek@superw00t.com)
 ~~~~~~~

 No modification of the contents of this file should be made
 without direct consent of the author or of Malloc() hackers or
 Malloc() Security.
 ************************************************************************


 'printenv' is a test CGI script that tends to come by default with most
 Apache installations. It is usually located in the "/cgi-bin/" directory.


 An XSS vulnerability exists which allows anyone to input specially
 crafted links and/or other malicious/obscene scripts.


 Example exploitation:

 http://www.w00tw00t.com/cgi-bin/printenv/<a href="bad">If you see this
 error, Click here!</a>


 Fix:

 Since 'printenv' is just an example CGI script that has no real use and
 has its own problems, just remove it.
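
 The reflection behind the example URL above, next to an escaped form of the same output, as an added example that is not part of the original advisory and is not Apache's own script. It is a simplified Python model of an environment-dumping CGI; the function names and the text/html response type of the flawed form are assumptions made for illustration.

```python
import html
from urllib.parse import unquote

SCRIPT = "/cgi-bin/printenv"  # script path taken from the advisory's example URL


def cgi_env(request_path):
    """Build the request-derived variables a CGI script would receive (simplified)."""
    extra = request_path[len(SCRIPT):] if request_path.startswith(SCRIPT) else ""
    return {
        "REQUEST_URI": request_path,
        "SCRIPT_NAME": SCRIPT,
        "PATH_INFO": unquote(extra),  # trailing path after the script name, decoded
    }


def render_unescaped(env):
    """Model of the flawed behaviour: values are written into an HTML page as-is."""
    lines = [f'{k}="{v}"' for k, v in sorted(env.items())]
    return "Content-type: text/html\n\n" + "\n".join(lines) + "\n"


def render_escaped(env):
    """Hardened form: plain-text response and HTML-escaped values."""
    lines = [f'{k}="{html.escape(v, quote=True)}"' for k, v in sorted(env.items())]
    return "Content-type: text/plain\n\n" + "\n".join(lines) + "\n"


# Constructed request path, reusing the markup from the advisory's example URL.
SAMPLE_PATH = '/cgi-bin/printenv/<a href="bad">If you see this error, Click here!</a>'

if __name__ == "__main__":
    env = cgi_env(SAMPLE_PATH)
    print(render_unescaped(env))  # anchor tag reaches the browser as live markup
    print(render_escaped(env))    # same data, rendered inert
```

 Escaping shows why the output is dangerous; the advisory's fix of removing the script remains the simpler option.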