Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » COWS CGI cross-site Scripting

COWS CGI cross-site Scripting

by Nikola Strahija on January 23rd, 2002 COWS CGI Online Worldweb Shopping is a commercial shopping system which is written in Perl. COWS will run on most Linux and Unix variants as well as Microsoft Windows operating systems. COWS is prone to cross-site scripting attacks.


An attacker may exploit this situation by creating a malicious link containing script code. When a legitimate user of the service browses the link, the malicious script code will be executed on the user in the context of the site hosting the vulnerable software.

Such attacks may be used to steal cookie-based authentication credentials from legitimate users.

There is no exploit required.

Solution:

Use the security features of the browser to disable the execution of JavaScript.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »