[NT] Lil' HTTP Server urlcount.cgi CSS
From: support@securiteam.com Date: 06/28/02
From: support@securiteam.com To: list@securiteam.com Date: Fri, 28 Jun 2002 08:29:39 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
Lil' HTTP Server urlcount.cgi CSS
------------------------------------------------------------------------
SUMMARY
Lil' HTTP Server (http://www.summitcn.com/lilhttp/lildocs.html) ships with a
small CGI, urlcount.cgi, that counts how many times a link (an "a href" URL)
is clicked on and can also produce reports on the collected data. A security
vulnerability in this CGI allows a remote attacker to mount a cross-site
scripting (CSS/XSS) attack against users who view its reports.
DETAILS
Vulnerable systems:
* Lil' HTTP Server version 2.2
The vulnerability lies in the "REPORT" functionality of urlcount.cgi. When
the report is generated, the URLs and other data the user supplied are
written back into the resulting HTML page, and in certain cases this is done
without filtering or encoding the content. HTML or JavaScript embedded in
that input is therefore rendered, and executed, in the browser of whoever
views the report, in the security context of the Lil' HTTP site.
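The following is an added illustration of the flaw described above and of the
corresponding fix; it is example code written for this advisory, not the Lil'
HTTP Server or urlcount.cgi source, and the record layout, function names and
sample inputs are assumptions. It shows a report generator that echoes tracked
URLs into HTML unencoded (the pattern the advisory describes), the same report
with output encoding applied, and a second caveat the encoding alone does not
cover: a tracked "javascript:" URL is harmless as text but must not become an
href.

```python
"""Cross-site scripting in a click-counting report CGI, and its fix.

Added example for this advisory; NOT the Lil' HTTP Server / urlcount.cgi code.
Record layout, function names and sample data below are assumptions.
"""
import html
from urllib.parse import urlsplit

# Constructed sample data: (tracked URL, click count).  The second and third
# entries are what an attacker could register by following a crafted link.
SAMPLE_RECORDS = [
    ("http://www.example.com/page.html", 3),
    ('"><script>alert(document.cookie)</script>', 1),
    ("javascript:alert(1)", 2),
]


def report_vulnerable(records):
    """Mimics the flawed REPORT behaviour: user data goes straight into HTML."""
    rows = [f'<li><a href="{url}">{url}</a> - {count} clicks</li>'
            for url, count in records]
    return ("<html><body><h1>URL report</h1><ul>"
            + "".join(rows) + "</ul></body></html>")


def safe_href(url):
    """Only http/https URLs may become clickable links; anything else is
    rendered as text only (defeats javascript:, data:, vbscript: URLs)."""
    scheme = urlsplit(url).scheme.lower()
    return url if scheme in ("http", "https") else None


def report_fixed(records):
    """Same report with HTML encoding of every user-controlled value and
    scheme validation before anything is placed in an href attribute."""
    rows = []
    for url, count in records:
        text = html.escape(url, quote=True)      # safe in element content
        href = safe_href(url)
        if href is not None:
            link = f'<a href="{html.escape(href, quote=True)}">{text}</a>'
        else:
            link = text                          # no link for unsafe schemes
        rows.append(f"<li>{link} - {int(count)} clicks</li>")
    return ("<html><body><h1>URL report</h1><ul>"
            + "".join(rows) + "</ul></body></html>")


def looks_injected(page):
    """Crude check a tester can run against a fetched report page: does any
    raw script tag or javascript: link survive into the output?"""
    low = page.lower()
    return "<script" in low or 'href="javascript:' in low


if __name__ == "__main__":
    print("vulnerable report injected:", looks_injected(report_vulnerable(SAMPLE_RECORDS)))
    print("fixed report injected:     ", looks_injected(report_fixed(SAMPLE_RECORDS)))
```

The encoded report still shows the attacker's string to the administrator,
which is the desired behaviour for a log viewer; what changes is that the
browser now treats it as text rather than markup. Removing the sample CGI, as
the workaround below suggests, removes the sink entirely.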
Workaround:
Users can protect themselves by removing the sample urlcount.cgi script from
the server. Where the script must be kept, the underlying fix is to HTML-encode
all user-supplied data before it is written into the report page.
ADDITIONAL INFORMATION
The information has been provided by Matthew Murphy
<mattmurphy@kc.rr.com>.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.