GEN:SID 1:1645
Message WEB-CGI testcgi access
Summary This event is generated when an attempt is made to access /testcgi on a
web server. This may indicate an attempt to exploit a cross-site
scripting vulnerability that affects Ceilidh.
Impact Arbitrary code execution, possible session hijack.
Detailed Information This event indicates that an attempt has been made to exploit a
cross-site scripting vulnerability in Ceilidh, web-based discussion
software released by Lilikoi Software, Inc. An attacker can craft a URL
that passes malicious code to testcgi.exe. If a legitimate user
activates the URL, malicious code may be executed on the client
computer.
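As an added illustration of the detection condition described above (not part of the Snort rule documentation), the following Python mirrors the rule's trigger, a request whose URI path contains /testcgi, over constructed web server access log lines, and additionally flags whether the URL-decoded query string carries the markup characters a reflected script payload would need. The log format (Apache combined) and all sample lines are assumptions.

```python
"""Flag Ceilidh testcgi requests in a web server access log (added example)."""
import re
from urllib.parse import unquote, urlsplit

# Apache "combined" log format (assumed); only the request field is used here.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Markup a reflected script payload cannot do without (checked after URL-decoding).
MARKUP_RE = re.compile(r'<|>|javascript:', re.IGNORECASE)


def classify_request(uri):
    """Return None if the URI is not a testcgi access, else a dict describing it."""
    parts = urlsplit(uri)
    path = unquote(parts.path)
    if '/testcgi' not in path.lower():      # rule trigger: /testcgi anywhere in the path
        return None
    query = unquote(parts.query)
    return {'path': path, 'markup_in_query': bool(MARKUP_RE.search(query))}


def scan_access_log(lines):
    """Yield (client, uri, markup_in_query) for every testcgi request in the log."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                        # not a parseable access log line
        hit = classify_request(m.group('uri'))
        if hit is not None:
            yield (m.group('client'), m.group('uri'), hit['markup_in_query'])


# Constructed sample log lines (RFC 5737 documentation addresses, invented requests).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Oct/2003:13:55:36 -0700] "GET /index.html HTTP/1.0" 200 2326',
    '192.0.2.11 - - [10/Oct/2003:13:55:40 -0700] "GET /cgi-bin/testcgi.exe?name=alice HTTP/1.0" 200 512',
    '192.0.2.12 - - [10/Oct/2003:13:55:44 -0700] '
    '"GET /cgi-bin/TestCGI.exe?name=%3Cscript%3E%3C/script%3E HTTP/1.1" 200 640',
    '192.0.2.13 - - [10/Oct/2003:13:55:50 -0700] "POST /login HTTP/1.1" 302 0',
]

if __name__ == '__main__':
    for client, uri, markup in scan_access_log(SAMPLE_LOG):
        print(f'{client} requested {uri} (markup in query: {markup})')
```

The second hit shows why the path check is case-insensitive and the query is decoded before inspection: the rule's content match alone would fire on both testcgi requests, while the markup flag separates an ordinary access from one carrying a reflected payload.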
Affected Systems All web servers that run Ceilidh 2.6 or 2.7 are vulnerable.
All clients that access Ceilidh 2.6 or 2.7 are vulnerable.
Attack Scenarios An attacker may craft a script that obtains the user's session cookie,
thereby allowing the attacker to pose as the user for the duration of
the session.
Ease of Attack Simple. A proof of concept exists.
Corrective Action Upgrade to the latest version of the software.
Additional References Bugtraq
http://www.securityfocus.com/bid/7214

Nessus
http://cgi.nessus.org/plugins/dump.php3?id=11610
Rule References bugtraq: 7214
nessus: 11610