Cross Site Scripting Vulnerability trong Mephistoles HTTPd
trang này đã được đọc lần
bi loi : HTTPd
version 0.6.0 final
httpd khong thi hanh lenh loc chuoi ki tu vao khi send cho may khach va se
quay tro lai !
don gian hay test tinh de ton thuong :
http://[host]/< A_SCRIPT>
Example:
http://[host]/< script>alert("Test")< /script>
code sua loi :
--- mephistoles-httpd-0.6.0final-noarch.pl 2004-01-21 12:16:34.000000000
+0100
+++ patch.pl 2004-01-21 12:25:56.000000000 +0100
@@ -205,7 +205,7 @@
my $ic;
if (opendir(DIR,$trdr.$public)) { } else {
- serr(404,$page);
+ serr(404,"");
return;
}
@@ -389,13 +389,13 @@
$page=conv($page); # convert $page from %XX-encoding to plain ASCII
if (evilhacker($page)) { # illegal filename
- serr(403,$page);
+ serr(403,"");
return;
}
if (($cgiholes==1) && (defined $getstr)) { # minimal protection for bad
cgi-scripts!
if (evilhacker($getstr)) {
- serr(403,$page);
+ serr(403,"");
return;
}
}
@@ -411,7 +411,7 @@
$trdr="/root/public_html/";
$trp=$2;
} else {
- serr(403,$page);
+ serr(403,"");
}
} else {
$page =~ /^\/\~(.+?)\/(.*?)$/g;
@@ -449,11 +449,11 @@
if ($reqt==2) { # POST-requests
$ENV{"REQUEST_METHOD"}="POST";
if ($postreq==0) {
- serr(403,"$page");
+ serr(403,"");
} else {
if ($postreq==1) {
if (iscgi($trp)) {
- serr(403,"$page");
+ serr(403,"");
return;
}
}
@@ -495,7 +495,7 @@
$ENV{"REQUEST_METHOD"}="GET";
if (!(-e $trdr.$trp)) {
- serr(404,$page);
+ serr(404,"");
return;
}
@@ -550,7 +550,7 @@
}
close(SRC);
} else {
- serr(404,$page);
+ serr(404,"");
}
}