[24501] in bugtraq


Re: Colbalt-RAQ-v4-Bugs&Vulnerabilities

daemon@ATHENA.MIT.EDU (Peter N. Go)
Fri Mar 1 16:22:23 2002

Message-Id: <3.0.32.20020301192002.01435950@crawfish.arachinc.com>
Date: Fri, 01 Mar 2002 19:20:39 +0800
To: bugtraq@securityfocus.com
From: "Peter N. Go" <peter@arachinc.com>
Cc: al3xhernandez@ureach.com
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-MDaemon-Deliver-To: bugtraq@securityfocus.com

Here are some possible solutions for the items enumerated and described by
Mr. Alex Hernandez in his "Colbalt-RAQ-v4-Bugs&Vulnerabilities" message.

------------------------
1. CROSS SITE SCRIPTING.
------------------------
Possible workaround: Instead of deleting or disabling the "service.cgi"
file, edit the file and add a line that strips out HTML tags. Something
like this:

$service =~ s/<([^>])*>//g;

This may be added after this line in the code:

my $service = $q->param('service');


-----------------------------
2. TRAVERSAL VULNERABILITIES.
-----------------------------
Possible workaround: Create an .htaccess file in the /usr/admserv/html
directory with the following entry:

<Files .htaccess>
    Order allow,deny
    Deny from all
</Files>

This should prevent all .htaccess files from being viewed by any web browser.


---------------------
3. DENIAL OF SERVICE.
---------------------
Possible workaround: Again, in the "service.cgi" file, add a simple check
for the length of the string passed. In this example, if the string is >
500 chars, the program exits.

if (length($service) > 500) { exit; }


Hope this info somehow helps.



Peter N. Go
Site Owner/Administrator
CGI City - http://CGI-City.net/
mailto:cgicity@icthus.net
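
The two "service.cgi" checks from items 1 and 3 combined into one routine, as an added example that is not part of the original message or of the Cobalt code. The function name sanitize_service, the sample inputs and the final entity-encoding step are assumptions of this example.

```perl
#!/usr/bin/perl
# Added example: the message's item 1 and item 3 workarounds applied together.
# sanitize_service() and the sample values are hypothetical, not Cobalt code.
use strict;
use warnings;

my $MAX_LEN = 500;    # limit used in the message's item 3

# Returns the cleaned value, or undef when the input should be rejected.
sub sanitize_service {
    my ($service) = @_;
    return unless defined $service;

    # Item 3: check the length first, so oversized input is never processed.
    return if length($service) > $MAX_LEN;

    # Item 1: strip anything that looks like a complete HTML tag.
    $service =~ s/<([^>])*>//g;

    # Assumption beyond the message: also encode what is left, because the
    # regex above only matches tags that are closed with '>'.
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $service =~ s/([&<>"'])/$ent{$1}/g;

    return $service;
}

# Constructed sample inputs (not taken from the original report).
my @samples = (
    'httpd',                 # plain value, passes through unchanged
    '<b>httpd</b>',          # complete tags are stripped
    'httpd <i unclosed',     # no closing '>', so the '<' is encoded instead
    'A' x 501,               # one character over the limit, rejected
);

for my $in (@samples) {
    my $out   = sanitize_service($in);
    my $shown = length($in) > 40 ? substr($in, 0, 40) . '...' : $in;
    printf "%-45s => %s\n", $shown, defined $out ? $out : '(rejected)';
}
```

In "service.cgi" the routine would be called on the value returned by $q->param('service'), with the script exiting when it returns undef.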


