Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

[KA Advisory 0411291] IPCop Cross Site Scripting Vulnerability in "proxylog.dat"
From: Kurczaba Associates advisories <advisories () kurczaba com>
Date: Tue, 30 Nov 2004 21:02:54 -0500
IPCop Cross Site Scripting Vulnerability in "proxylog.dat"
http://www.kurczaba.com/html/security/0411291.htm
----------------------------------------------------------

Overview:
"IPCop implements existing technology, secure programming practices and outstanding new concepts to make it ‘the’ Linux 
Distribution for protecting single home computers, to large corporate networks from intrusions and attacks." 
-http://www.ipcop.org

Vendor:
IPCop (http://www.ipcop.org)

Affected Systems/Configuration:
1.4.1, possibly older versions

Vulnerability/Exploit:
A Cross Site Scripting vulnerability has been found in the IPCop web interface. The "proxylog.dat" page allows the 
IPCop administrators to review browsed websites that have been processed through Squid. By creating a specially crafted 
HTTP request, it is possible to inject script code into the "proxylog.dat" page. The variables "$url" and "$part" are 
not sanitized before being sent to the user. When the administrators view the page, the script code will be executed.

Proof of Concept:
The following HTTP request example will cause script injection into the proxy log:
-----START PoC-----
GET /<script>alert('XSS_PoC')</script> HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, 
application/msword, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: example.com
Connection: Close


-----END PoC-------

         
Workaround:
1) Open /home/httpd/cgi-bin/logs.cgi/proxylog.dat
2) Locate the following text: unless (length($part) < 60) { $part = "${part}..."; }
3) Insert the following five lines below:
#Filter out < and >
$url =~s/</&lt;/g;
$part =~s/</&lt;/g;
$url =~s/>/&gt;/g;
$part =~s/>/&gt;/g;      

Date Discovered:
November 29, 2004

Severity:
Low

Credit:
Paul Kurczaba
Kurczaba Associates

  By Date           By Thread  

Current thread:
  • [KA Advisory 0411291] IPCop Cross Site Scripting Vulnerability in "proxylog.dat" Kurczaba Associates advisories (Dec 02)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]