[30852] in bugtraq


Re: CGI.pm vulnerable to Cross-site Scripting

daemon@ATHENA.MIT.EDU (Erwann CORVELLEC)
Wed Jul 23 12:23:50 2003

Message-ID: <3F1E453C.3070403@free.fr>
Date: Wed, 23 Jul 2003 10:20:12 +0200
From: Erwann CORVELLEC <Erwann.Corvellec@free.fr>
MIME-Version: 1.0
To: lstein@cshl.org, bugtraq@securityfocus.com
In-Reply-To: <200307221257.19018.lstein@cshl.edu>


On 22/07/2003 18:57, Lincoln Stein wrote:
> But this was fixed long ago in version 2.94.  We're at version 2.98 now.  The 
> most up-to-date copy is always in CPAN.

  Please find attached the patch against CGI.pm version 2.98.

--
Erwann Corvellec

Attachment: CGI.pm-2.98-erwann_corvellec-startform-XSS-protection.patch

--- CGI.pm.ori	2003-06-18 21:57:21.000000000 +0200
+++ CGI.pm	2003-07-23 09:53:18.000000000 +0200
@@ -1641,7 +1641,7 @@
     unless (defined $action) {
        $action = $self->url(-absolute=>1,-path=>1);
        if (length($ENV{QUERY_STRING})>0) {
-           $action .= "?$ENV{QUERY_STRING}";
+           $action .= '?' . $self->escapeHTML($ENV{QUERY_STRING},1);
        }
     }
     $action =~ s/\"/%22/g;  # fix cross-site scripting bug reported by obscure
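Review bot: the new `escapeHTML` call on the `+` line only covers the action that CGI.pm builds itself from `QUERY_STRING`; the `unless (defined $action)` guard means a caller-supplied `-action` never reaches it, and for that path the only sanitisation remains the trailing `$action =~ s/\"/%22/g;`, which replaces double quotes and nothing else. Please state that scope in the comment on that line (it still only mentions the earlier fix reported by obscure) and, if the intent is to harden both paths, apply the same `escapeHTML` to the caller-supplied value as well. Also confirm the interaction with the `%22` substitution: if `escapeHTML` has already rewritten the `"` characters in the query string, that substitution no longer does anything for the auto-generated case, which is harmless but worth a comment so the two lines are not read as redundant. The second argument `1` to `escapeHTML` is passed without explanation; a short comment on what it enables would help the next reader.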


