Bug#364443: [Pkg-awstats-devel] Bug#364443: Vulnerability exists also
with the 'diricons' parameter
Hendrik Weimer
hendrik at enyo.de
Fri May 5 17:41:24 UTC 2006
Charles Fry <debian at frogcircus.org> writes:
>> as mentioned in http://www.osreviews.net/reviews/comm/awstats, the
>> same type of XSS vulnerability also exists with the 'diricons'
>> parameter. In this case, Debian is affected, too.
>
> As Eldy already explained (earlier in this bug report), the entire query
> string is sanitised against XSS by a call to CleanFromCSSA. The
> osreviews guys noticed that the word "Sanitize" does not surround
> diricons ("and possibly others as well"), but they failed to notice the
> cleaning call to CleanFromCSSA.
Exploit #1: http://www.example.com/cgi-bin/awstats.pl?diricons=%22%3E0wned!%3Cspan%20%22
Hendrik
More information about the Pkg-awstats-devel
mailing list