Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:1645 |
Message | WEB-CGI testcgi access |
Summary | This event is generated when an attempt is made to access /testcgi on a web server. This may indicate an attempt to exploit a cross-site scripting vulnerability that affects Ceilidh. |
Impact | Arbitrary code execution, possible session hijack. |
Detailed Information | This event indicates that an attempt has been made to exploit a cross-site scripting vulnerability in Ceilidh, web-based discussion software released by Lilikoi Software, Inc. An attacker can craft a URL that passes malicious code to testcgi.exe. If a legitimate user activates the URL, malicious code may be executed on the client computer. |
Affected Systems | All web servers that Ceilidh 2.6 or 2.7 are vulnerable. All clients that access Ceilidh 2.6 or 2.7 are vulnerable. |
Attack Scenarios | An attacker may craft a script that obtains the user's session cookie, thereby allowing the attacker to pose as the user for the duration of the session. |
Ease of Attack | Simple. A proof of concept exists. |
Corrective Action | Upgrade to the latest version of the software. |
Additional References | Bugtraq http://www.securityfocus.com/bid/7214 Nessus http://cgi.nessus.org/plugins/dump.php3?id=11610 |
Rule References | bugtraq: 7214 nessus: 11610 |
--
DID:216148
--
http://www.aanval.com/