CVE-2002-0346_Cobalt_RAQ_4_Server_XSS任意腳本執行漏洞

# CVE-2002-0346 Cobalt RAQ 4 Server XSS任意腳本執行漏洞
==INFO==

------oOo----------------
Cobalt RAQ 4 Server Management,
Cross Site Scripting , Directory Traversal & DoS Vulnerabilities.
------oOo----------------


Company Affected: www.cobalt.com & www.sun.com
Version: RAQ 4 Server Management.
Dowload: http://www.cobalt.com/products/raq/index.html
OS Affected: Linux ALL, Solaris ALL.


Author:

** Alex Hernandez 
** Thanks all the people from Spain and Argentina.
** Special Greets: White-B, Pablo S0r, Paco Spain, G.Maggiotti.


----=[Brief Description]=------------

The Sun Cobalt RaQ is a server appliance for Internet Service Providers
(ISPs). 
It can host up to 200 individual websites or it can be dedicated to a
single medium or large customer. This versatility opens up tremendous 
opportunity for service provider to invest in a single piece of hardware 
while migrating business customers up to dedicated servers.

Cobalt's service.cgi incorrectly handles the incoming search parses,
incoming HTML tags or JavaScript will be included inside the result without 
them being filtered out for dangerous content. A similar problem occurs with 
the x.cgi's inclusion of malicious code inside the resulting title search.

The cgi^s files is an open source .A security vulnerability in the
product allows attackers to insert malicious content into existing web pages by
exploiting the Cross-Site Scripting Vulnerability.


Affected Files Cgi^s

alert.cgi  
service.cgi


Workaround:
1) Delete service.cgi from the system, or disable its possible
execution.
2) Delete alert.cgi from the system, or disable its possible execution


EXAMPLES:

http://10.0.0.1:81/cgi-bin/.cobalt/alert/service.cgi?service=

Hello!

http://10.0.0.1:81/cgi-bin/.cobalt/alert/service.cgi?service= http://10.0.0.1:81/cgi-bin/.cobalt/alert/service.cgi?service= http://10.0.0.1:81/cgi-bin/.cobalt/alert/service.cgi?service= LOCATION: http://10.0.0.1:81/cgi-bin/.cobalt/alert/service.cgi?service=%3Cscript%3Ealert(document.location)%3C/script%3E COOKIES: http://10.0.0.1:81/cgi-bin/.cobalt/alert/service.cgi?service=%3Cscript%3Ealert(document.cookie)%3C/script%3E TAG IMAGES: http://10.0.0.1:81/cgi-bin/.cobalt/alert/service.cgi?service= WRITE ON DOCUMENT: http://10.0.0.1:81/cgi-bin/.cobalt/alert/service.cgi?service= Vendor Response: The vendor was notified Posted List^s Security cobalt: cobalt-security@list.cobalt.com & jlovell@sun.com http://www.cobalt.com Patch Temporary: Delete files cgi^s from the system, or disable its possible execution. Alex Hernandez (c) 2002. ------oOo------------------------------------
© 版权声明
THE END
喜欢就支持一下吧
点赞0 分享
评论 抢沙发

请登录后发表评论

    请登录后查看评论内容