PISG IRC Nick HTML Injection Vulnerability
BID:10195
Info
PISG IRC Nick HTML Injection Vulnerability
| Bugtraq ID: | 10195 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 22 2004 12:00AM |
| Updated: | Apr 22 2004 12:00AM |
| Credit: | Discovery of this vulnerability has been credited to <[email protected]>. |
| Vulnerable: |
pisg pisg 0.54 |
| Not Vulnerable: | |
Discussion
PISG IRC Nick HTML Injection Vulnerability
pisg has been reported prone to an input validation vulnerability. The issue will only present itself when pisg is used to monitor an IRC server that does not place limitations on IRC Nick values that can be used.
If an attacker specifies HTML code as a value for the IRC Nickname, this value may be incorporated into the HTML pages that are generated by pisg.
pisg has been reported prone to an input validation vulnerability. The issue will only present itself when pisg is used to monitor an IRC server that does not place limitations on IRC Nick values that can be used.
If an attacker specifies HTML code as a value for the IRC Nickname, this value may be incorporated into the HTML pages that are generated by pisg.
Exploit / POC
PISG IRC Nick HTML Injection Vulnerability
The following example has been supplied:
PROOF:
1. silc
2. /connect %Suitable IRC server%
3. /nick <script>alert(document.domain);</script>
4. /log ...
5. /me a couple of times on a channel
6. /quit
3. then generate stats ./pisg
4. surf the index.html
The following example has been supplied:
PROOF:
1. silc
2. /connect %Suitable IRC server%
3. /nick <script>alert(document.domain);</script>
4. /log ...
5. /me a couple of times on a channel
6. /quit
3. then generate stats ./pisg
4. surf the index.html
Solution / Fix
PISG IRC Nick HTML Injection Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.