Vulnerability Details
RXGoogle.CGI Cross-Site Scripting Vulnerability
- CNNVD ID: CNNVD-200411-066
- Severity: Medium
- CVE ID: CVE-2004-0251
- Vulnerability type: Cross-site scripting
- Published: 2004-11-23
- Threat type: Remote
- Updated: 2007-01-02
- Vendor: rxgoogle.cgi
- Source: Discovery of this …
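Vulnerability Summary
Rxgoogle.cgi contains a cross-site scripting (XSS) vulnerability. A remote attacker can use the query parameter to execute arbitrary script as another user.
Vulnerability Advisory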
The following patch has been submitted by a third party and is untested:
—-START
— rxgoogle.cgi 2004-02-04 14:20:38.000000000 -0500
+++ test 2004-02-04 14:27:29.000000000 -0500
@@ -197,7 +197,13 @@
my $req = new HTTP::Request GET => “$url”;
my $res = $ua->request($req);
if ($res->is_success) { $page_returned =
$res->content; } return $page_returned;}
-sub parse{my (@pairs, %in);my (@pairs, %in);my
($buffer, $pair, $name, $value);if
($ENV{‘REQUEST_METHOD’} eq ‘GET’) {@pairs = split(/&/,
$ENV{‘QUERY_STRING’});}elsif($ENV{‘REQUEST_METHOD’} eq
‘POST’) {read(STDIN, $buffer,
$ENV{‘CONTENT_LENGTH’});@pairs = split(/&/,
$buffer);}PAIR: foreach $pair (@pairs) {($name,
$value) = split(/=/, $pair);$name =~ tr/+/ /;$name =~
s/%([a-fA-F0-9][a-fA-F0-9])/pack(“C”,
hex($1))/eg;$value =~ tr/+/ /;$value =~
s/%([a-fA-F0-9][a-fA-F0-9])/pack(“C”,
hex($1))/eg;($value eq “—“) and next PAIR;exists
$in{$name} ? ($in{$name} .= “~~$value”) : ($in{$name}
= $value);}return %in;}
+
+# This parsing routine poorly sanitized user-input,
thus allowing injection
+# of metametachars, such as ‘<‘ and ‘>’. I have
patched the problem now, by
+# filtering input quite well now.
+#
+# -Shaun2k2
+sub parse{$OK_CHARS=’-a-zA-Z0-9_.@’; my (@pairs,
%in);my (@pairs, %in);my ($buffer, $pair, $name,
$value);if ($ENV{‘REQUEST_METHOD’} eq ‘GET’) {@pairs =
split(/&/,
$ENV{‘QUERY_STRING’});}elsif($ENV{‘REQUEST_METHOD’} eq
‘POST’) {read(STDIN, $buffer,
$ENV{‘CONTENT_LENGTH’});@pairs = split(/&/,
$buffer);}PAIR: foreach $pair (@pairs) {($name,
$value) = split(/=/, $pair);$name =~ tr/+/ /;$name =~
s/%([a-fA-F0-9][a-fA-F0-9])/pack(“C”,
hex($1))/eg;$name =~ s/[^$OK_CHARS]/_/go;$value =~
tr/+/ /;$value =~
s/%([a-fA-F0-9][a-fA-F0-9])/pack(“C”,
hex($1))/eg;$value =~ s/[^$OK_CHARS]/_/go;($value eq
“—“) and next PAIR;exists $in{$name} ? ($in{$name}
.= “~~$value”) : ($in{$name} = $value);}return %in;}
sub html_navbar{my
($maxhits,$current,$numhits,$url)=0;my ($html, $nh,
$prev_hit, $next_hit, $left, $right, $first, $last,
$lower, $upper)=””;$maxhits =shift; $numhits =shift;
$current =shift; $url =shift;
$nh=int($current/$maxhits)+1; $prev_hit=$nh-1;
$next_hit=$nh+1; if (($current + $maxhits) >=
$numhits) {$next_hit=0;}if ($numhits > $maxhits) {
$left = $nh; $right = int($numhits/$maxhits) –
$nh; ($left > 7) ? ($lower = $left –
7) : ($lower = 1); ($right > 7) ? ($upper = $nh
+ 7) : ($upper = int($numhits/$maxhits) + 1);
(7 – $nh >= 0) and ($upper = $upper + (8 – $nh));
($nh > ($numhits/$maxhits – 7)) and ($lower = $lower
– ($nh – int($numhits/$maxhits – 7) – 1));
$html = “”; ($nh > 1) and ($html .= qq~[previous] ~);
for ($i = 1; $i <= int($numhits/$maxhits) + 1; $i++) {
if ($i < $lower) { $html .= ” … “; $i =
($lower-1); next; } if ($i >
$upper) { $html .= ” … “; last; } ($i ==
$nh) ? ($html .= qq~$i ~) :
($html .= qq~$i ~);
(($i * $maxhits) >= $numhits) and last;
}if ($next_hit) { $html .= qq~[next] ~ unless ($nh
== $i); } }return $html;}
1;
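Review bot: In the new parse, the substitution s/[^$OK_CHARS]/_/go runs on $value right after tr/+/ / has turned "+" into spaces, and the space character is not in $OK_CHARS ('-a-zA-Z0-9_.@'), so every multi-word query reaches the search with its spaces rewritten to "_". Filtering at parse time also alters every parameter for every consumer, not only the value echoed into the page; HTML-encoding the value at the point where it is printed would close the XSS without changing the search term. If the allowlist stays, add the space to it. Separately, $OK_CHARS is assigned without "my" and becomes a package global, and the duplicated "my (@pairs, %in);" from the old routine is carried over unchanged; declare $OK_CHARS with "my" and drop the duplicate.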
@@ -224,4 +230,4 @@
print WRITEIT “$site\n”;
close(WRITEIT);
}
–
\ No newline at end of file
+
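Review bot: The only change in this hunk is at the last line of the file, where the unterminated final line (marked "\ No newline at end of file") is replaced by a newline-terminated one; this is unrelated to the input filtering in parse. Drop the hunk from the patch, or note in the description that it is a whitespace-only change, so the security fix can be reviewed and applied on its own.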
—END
Apply the patch as below:
$ patch rxgoogle.cgi rxgoogle-xss.patch
References
Source: BUGTRAQ
Name: 20040204 rxgoogle.cgi XSS Vulnerability.
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=107594183924958&w=2
Source: XF
Name: rxgoogle-query-xss(15043)
Link: http://xforce.iss.net/xforce/xfdb/15043
Source: BID
Name: 9575
Link: http://www.securityfocus.com/bid/9575