exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

ipcop141.txt

ipcop141.txt
Posted Dec 11, 2004
Authored by Paul Kurczaba

IPCop suffers from a cross site scripting vulnerability in proxylog.dat. Version 1.4.1 is affected. Older versions have not been tested.

tags | advisory, xss
SHA-256 | d59eb12e5bbe5ceef338184b82b1fac9c3a6e988d1838bdfd2258a2389d111e7

ipcop141.txt

Change Mirror Download
IPCop Cross Site Scripting Vulnerability in "proxylog.dat"
http://www.kurczaba.com/html/security/0411291.htm
----------------------------------------------------------

Overview:
"IPCop implements existing technology, secure programming practices and outstanding new concepts to make it ‘the’ Linux Distribution for protecting single home computers, to large corporate networks from intrusions and attacks." -http://www.ipcop.org

Vendor:
IPCop (http://www.ipcop.org)

Affected Systems/Configuration:
1.4.1, possibly older versions

Vulnerability/Exploit:
A Cross Site Scripting vulnerability has been found in the IPCop web interface. The "proxylog.dat" page allows the IPCop administrators to review browsed websites that have been processed through Squid. By creating a specially crafted HTTP request, it is possible to inject script code into the "proxylog.dat" page. The variables "$url" and "$part" are not sanitized before being sent to the user. When the administrators view the page, the script code will be executed.

Proof of Concept:
The following HTTP request example will cause script injection into the proxy log:
-----START PoC-----
GET /<script>alert('XSS_PoC')</script> HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: example.com
Connection: Close


-----END PoC-------


Workaround:
1) Open /home/httpd/cgi-bin/logs.cgi/proxylog.dat
2) Locate the following text: unless (length($part) < 60) { $part = "${part}..."; }
3) Insert the following five lines below:
#Filter out < and >
$url =~s/</</g;
$part =~s/</</g;
$url =~s/>/>/g;
$part =~s/>/>/g;

Date Discovered:
November 29, 2004

Severity:
Low

Credit:
Paul Kurczaba
Kurczaba Associates

Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close