Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos network security services platform







Bugtraq: Cross Site Scripting Vulnerability in Sympa

Cross Site Scripting Vulnerability in Sympa

From: Jose Antonio <joxeankoret_at_yahoo.es>
Date: 20 Aug 2004 23:19:24 -0000
('binary' encoding is not supported, stored as-is) ---------------------------------------------------------------------------
              Cross Site Scripting Vulnerability in
Sympa
---------------------------------------------------------------------------
 
Author: Joxean Koret
Date: 2004
Location: Basque Country
 
---------------------------------------------------------------------------
 
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Sympa Version 4.1.X and prior to version 4.1
 
Sympa is a rich open source mailing list
software. Its design highly focuses
on customization possibilities and ease of
administration.
 
---------------------------------------------------------------------------
 
Vulnerabilities:
~~~~~~~~~~~~~~~~
 
A. Cross Site Scripting Vulnerability
 
A1. I found a cross site scripting vulnerability in
the creation list option.
 
This could allow for execution of hostile HTML
and script code in the web
client of a user who visits a web page that
contains the malicious code.
This would occur in the security context of the
site hosting the software.
  
Exploitation could allow for theft of cookie-based
authentication credentials. Other attacks are
also possible.
 
To test it follow these steps :
 
 1.- Navigate to http://<site-with-sympa>/wws
 2.- Login with a valid e-mail and password (or
click in the Send me Password option and follow
the instructions)
 3.- Click on create list option
 4.- In the "List Name" field enter the text that you
want.
 5.- In the "Subject" field enter the subject that
you want.
 6.- Select your preferred topic
 7.- In the description field insert the following
text :
  
 Whatever_you_want&lt;script&gt;alert("Your cookie
is " + document.cookie)&lt;/script&gt;
 
 8.- Click on "Submit your creation Request"
button.
 9.- The list is created.
 10.- Now, click on "List Info". You will see your
cookie in a javascript "alert" message box
 
The fix:
~~~~~~~~
 
The vendor is contacted but no fixes are
released at the moment.
 
References
~~~~~~~~~~
 
The bug in the Sympa bugtracking list :
 
http://listes.cru.fr/mantis/view_bug_advanced_page.php?f_id=0000327
 
The Sympa web site :
 
http://www.sympa.org
 
---------------------------------------------------------------------------
Contact:
~~~~~~~~
 
        Joxean Koret at
joxeanpiti<<<<<<<<@>>>>>>>>yah00<<<<<<dot>>>>>es
 
 
 
Received on Aug 21 2004
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]