PingER Script vulnerabilites

Created by Les Cottrell, last modified on Jun 20, 2018

These were unearthed by https://slacprod.service-now.com/sys_attachment.do?sys_id=5ef99ae9dbbed300e8bffd0d0f961936

Connectivity.pl

XSS vulnerability against the format parameter in the QUERY_STRING.

Fixed by not reflecting the input from the format parameter.

XSS vulnerability against the rawdata parameter in the QUERY_STRING.

Fixed by using &valid_ip to validate parameter is a valid IP name or a valid IPv4 or IPv6 address and exiting if not.

XSS vulnerability against http://www-iepm.slac.stanford.edu/cgi-bin/connectivity.pl/%27%20onmouseover%3D%27alert%289%29%3B%27.

Fixed by not responding with $ENV{SCRIPT_URI} bur rather http://www-iepm.slac.stanford.edu/cgi-wrap/connectivity.pl

No labels