[UNIX] Cross Site Scripting Vulnerability In CPAN WWW::Form Perl Module

• Previous message: SecuriTeam: "[EXPL] Alphanumeric GetPC Code and Shellcode Encoder-Decoder"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: list@securiteam.com
Date: 29 Jan 2004 16:03:57 +0200

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html

- - - - - - - - -

  Cross Site Scripting Vulnerability In CPAN WWW::Form Perl Module
------------------------------------------------------------------------

SUMMARY

 <http://search.cpan.org/dist/WWW-Form/Form.pm> WWW::Form is a "simple and
extendable module that allows developers to handle HTML form validation
and display flexibly and consistently."

The WWW::Form module contains several bugs which opens the possibility for
a cross site scripting attack.

DETAILS

Vulnerable Systems:
 * WWW::Form version 1.12 and prior

Immune Systems:
 * WWW::Form version 1.13

The CPAN WWW::Form contains sections of code that open the possibility for
a cross-site-scripting attack. An excerpt from the latest vulnerable
version is presented below:

1160: my $inputHTML = "< input type='$field->{type}'"
1161:. " name='$fieldName' id='$fieldName' value='";
1162:
1163: if ($field->{type} eq 'checkbox') {
1164: $inputHTML .= $field->{defaultValue};
1165: }
1166: else {
1167: $inputHTML .= $field->{value};
1168: }

1314: $textarea .= ">";
1315:
1316: $textarea .= $field->{value};
1317:
1318: $textarea .= "< /textarea>";

Patch Availability:
There is no patch available but upgrading to version 1.13 solves the
problem.

ADDITIONAL INFORMATION

The information has been provided by <mailto:shlomif@iglu.org.il> Shlomi
Fish

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

• Previous message: SecuriTeam: "[EXPL] Alphanumeric GetPC Code and Shellcode Encoder-Decoder"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]