Bugtraq: Re: Mailman: cross-site scripting bug

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: Mailman: cross-site scripting bug

From: Axel Beckert - ecos gmbh <beckert () ecos de>
Date: Mon, 27 Jan 2003 21:28:09 +0100

At Fri, Jan 24, 2003 at 12:32:37PM -0900, Leif Sawyer wrote:

https://workserver//mailman/options/ak3barons?language=&lt;SCRIPT&gt;ale
rt('Can%20Cross%20Site%20Attack')&lt;/SCRIPT&gt;

returns:

<h2>Error</h2><strong>Invalid options to CGI script.</strong>

2.0.11 doesn't seem to be vulnerable to this.


Same counts for 2.0.13 on Apache 1.3.27.

            Kind regards, Axel Beckert
-- 
-------------------------------------------------------------
Axel Beckert      ecos electronic communication services gmbh
Internetconnect * Webserver/-design/-datenbanken * Consulting

Post:       Tulpenstrasse 5         D-55276 Dienheim b. Mainz
E-Mail:     beckert () ecos de         Voice:   +49 6133 939-220
WWW:        http://www.ecos.de/     Fax:     +49 6133 939-111
-------------------------------------------------------------

By Date By Thread

Current thread:

Mailman: cross-site scripting bug webmaster (Jan 24)
- <Possible follow-ups>
- Re: Mailman: cross-site scripting bug Axel Beckert - ecos gmbh (Jan 29)