Greymatter - Perl-based weblog.
Official site: http://www.greymatterforums.com/

GM analyzes posted comments, and if a post contains dangerous code (such as <script></script>), the administrator gets a message about it in the log files. The log files contain not only the message but also the dangerous code itself. When the admin views the log files (Admin panel Options: "View Control Panel Log"), the code executes in the admin's browser.

Example attack:

Add a comment:
Name: <script>alert('XSS')</script>
Comment: <meta http-equiv="refresh" content="0; url=http://site_with_danger_content.evil"/>

The admin then cannot open the "View Control Panel Log" menu, because the page redirects to the attacker's site.

Solution:

Edit gm-library.cgi like this:

-----------------------------------------------------------
# Read the control panel log into memory
open (FUNNYFEET, "gm-cplog.cgi");
@gmlogfile = <FUNNYFEET>;
close (FUNNYFEET);

foreach $gmlogfileline (@gmlogfile) {
    chomp ($gmlogfileline);
    # Protect the tags the log itself uses by swapping them for placeholders
    $gmlogfileline=~s/<b>/#BOLD_OPEN#/ig;
    $gmlogfileline=~s/<\/b>/#BOLD_CLOSED#/ig;
    $gmlogfileline=~s/<font size="1">/#FONT_OPEN#/ig;
    $gmlogfileline=~s/<\/font>/#FONT_CLOSED#/ig;
    # Replace every remaining angle bracket with #
    $gmlogfileline=~s/<|>|<|>/#/ig;
    # Restore the protected tags
    $gmlogfileline=~s/#BOLD_OPEN#/<b>/ig;
    $gmlogfileline=~s/#BOLD_CLOSED#/<\/b>/ig;
    $gmlogfileline=~s/#FONT_OPEN#/<font size="1">/g;
    $gmlogfileline=~s/#FONT_CLOSED#/<\/font>/ig;
    print "$gmlogfileline<BR>";
}
print qq(<font size="1">All danger tags replace with # symbol</font><BR>);
-------------------------------------------------------

Sorry for my English; it's not my primary language.
---------------------------------------------------------
http://www.securityinfo.ru
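
An alternative way to render the log view, added here as an example and not part of the original advisory or of Greymatter's own code: instead of replacing angle brackets with #, it HTML-encodes each log line and then restores only the four tags that the fix above keeps. The helper names html_escape and render_log_line and the sample log lines are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Markup the log writer itself emits (taken from the fix above); nothing
# else is allowed to reach the browser as a tag.
my @ALLOWED = ('<b>', '</b>', '<font size="1">', '</font>');

# Encode the five HTML-significant characters. '&' must go first so the
# entities produced by the later substitutions are not encoded twice.
sub html_escape {
    my ($text) = @_;
    $text =~ s/&/&amp;/g;
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    $text =~ s/'/&#39;/g;
    return $text;
}

# Hypothetical helper: escape the whole line, then turn back only the
# exact escaped forms of the allowed tags. A commenter can still make
# text bold this way, but cannot introduce any other element.
sub render_log_line {
    my ($line) = @_;
    my $safe = html_escape($line);
    for my $tag (@ALLOWED) {
        my $escaped = html_escape($tag);
        $safe =~ s/\Q$escaped\E/$tag/gi;
    }
    return $safe;
}

# Constructed sample log lines carrying the two comment fields from the
# example attack in the advisory.
my @sample = (
    q{<b>Comment flagged</b> <font size="1">Name: <script>alert('XSS')</script></font>},
    q{Comment: <meta http-equiv="refresh" content="0; url=http://site_with_danger_content.evil"/>},
);

print render_log_line($_) . "<BR>\n" for @sample;
```

Encoding keeps the submitted text readable in the log, so the administrator can still see exactly what was posted.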