CVE-2002-0346 PoC — Sun Cobalt RaQ Service.CGI跨站执行脚本漏洞

Source

https://github.com/alt3kx/CVE-2002-0346

Associated Vulnerability

Title:Sun Cobalt RaQ Service.CGI跨站执行脚本漏洞 (CVE-2002-0346)
Description:Cobalt RAQ 4版本中存在跨站脚本漏洞。远程攻击者利用该漏洞通过URL中的Javascript传送到(1)service.cgi或(2)alert.cgi，执行任意脚本。

Description

Cross-site scripting vulnerability in Cobalt RAQ 4 allows remote attackers to execute arbitrary script as other Cobalt users via Javascript in a URL to (1) service.cgi or (2) alert.cgi.

Readme

# CVE-2002-0346
Cross-site scripting vulnerability in Cobalt RAQ 4 allows remote attackers to execute arbitrary script as other Cobalt users via Javascript in a URL to (1) service.cgi or (2) alert.cgi.

Packetstorm publication at https://packetstormsecurity.com/files/25837/Colbalt-RAQ-v4.txt.html <br>
SecurityFocus publication at https://www.securityfocus.com/bid/4211 <br>

# Author
Alex Hernandez aka <em><a href="https://twitter.com/_alt3kx_" rel="nofollow">(@\_alt3kx\_)</a></em>

# Vendor Reponse: 

The vendor was notified

Posted List^s Security cobalt:<br>
cobalt-security@list.cobalt.com &<br>
jlovell@sun.com<br>
http://www.cobalt.com<br>

# Patch Temporary:
Delete files cgi^s from the system, or disable its possible execution.<br>

File Snapshot


 [4.0K]  /data/pocs/7bd98078c405235ceef6cd3b8ff467e679b04fcb
├── [2.9K]  CVE-2002-0346.txt
├── [ 34K]  LICENSE
└── [ 747]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!