header-logo
Suggest Exploit
vendor:
csPassword.cgi
by:
Mike Barone and Andy Angrick
4.3
CVSS
MEDIUM
Authentication Bypass
287
CWE
Product Name: csPassword.cgi
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

CGIScript.net csPassword.cgi Vulnerability

A vulnerability has been reported in the csPassword.cgi script developed by CGIScript.net. It is possible for an authenticated user to add directives and make changes to the generated .htaccess file. Adding the javascript as part of the URL will change the text field into a textbox allowing users to enter newlines and other characters.

Mitigation:

Ensure that the csPassword.cgi script is not accessible to unauthorized users.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/4888/info

CGIScript.net provides various webmaster related tools and is maintained by Mike Barone and Andy Angrick.

A vulnerability has been reported in the csPassword.cgi script developed by CGIScript.net. It is possible for an authenticated user to add directives and make changes to the generated .htaccess file. 

javascript:void(document.form1.title.outerHTML="<textarea name=title>&lt;/textarea&gt;");

Adding the javascript as part of the URL will change the text field into a textbox allowing users to enter newlines and other characters.

Navigation

Suggest Exploit

Services By CQR