|
|
DeleGate跨站脚本可执行漏洞
发布时间:2001-12-31
更新时间:2001-12-31
严重程度:中
威胁程度:服务器信息泄露
错误类型:输入验证错误
利用方式:服务器模式
受影响系统DeleGate DeleGate 7.7.0
- FreeBSD FreeBSD 5.0
- HP HP-UX 11.20
- IBM AIX 4.3.3
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98se
- Microsoft Windows ME
- Microsoft Windows 2000
- Microsoft Windows 2000 SP1
- Microsoft Windows 2000 SP2
- Microsoft Windows 2000 SP3
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP1
- Microsoft Windows NT 4.0SP2
- Microsoft Windows NT 4.0SP3
- Microsoft Windows NT 4.0SP4
- Microsoft Windows NT 4.0SP5
- Microsoft Windows NT 4.0SP6a
- OpenBSD OpenBSD 2.9
- OpenBSD OpenBSD 3.0
- Sun Solaris 2.6
- Sun Solaris 7.0
- Sun Solaris 8.0
DeleGate DeleGate 7.7.1
- FreeBSD FreeBSD 5.0
- HP HP-UX 11.20
- IBM AIX 4.3.3
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98se
- Microsoft Windows ME
- Microsoft Windows 2000
- Microsoft Windows 2000 SP1
- Microsoft Windows 2000 SP2
- Microsoft Windows 2000 SP3
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP1
- Microsoft Windows NT 4.0SP2
- Microsoft Windows NT 4.0SP3
- Microsoft Windows NT 4.0SP4
- Microsoft Windows NT 4.0SP5
- Microsoft Windows NT 4.0SP6a
- OpenBSD OpenBSD 2.9
- OpenBSD OpenBSD 3.0
- Sun Solaris 2.6
- Sun Solaris 7.0
- Sun Solaris 8.0 详细描述
DeleGate 运行在多平台下的代理服务程序,可以在客户端和服务器端转义各种协议如HTTP,FTP,NNTP,POP等。
DeleGate存在跨站脚本可执行漏洞,HTML标签没有很好的被过滤,导致攻击者可以插入恶意脚本代码获得COOKIE,服务器信息等。
测试代码
http://IP_Address_of_DeleGate/<script>alert("aaa");</script>
解决方案
升级程序如下:
DeleGate DeleGate 7.7.0:
DeleGate Upgrade DeleGate/7.8.0 (ALPHA)
ftp://ftp.delegate.org/pub/DeleGate/alpha/
DeleGate DeleGate 7.7.1:
DeleGate Upgrade DeleGate/7.8.0 (ALPHA)
ftp://ftp.delegate.org/pub/DeleGate/alpha/
相关信息
参考:http://www.securityfocus.com/advisories/3751
相关主页:http://www.delegate.org/delegate/
|
