Home page logo

bugtraq logo Bugtraq mailing list archives

Cross Site Scripting Vulnerability in Sympa
From: Jose Antonio <joxeankoret () yahoo es>
Date: 20 Aug 2004 23:19:24 -0000

              Cross Site Scripting Vulnerability in 
Author: Joxean Koret 
Date: 2004  
Location: Basque Country 
Affected software description: 
Sympa Version 4.1.X and prior to version 4.1 
Sympa is a rich open source mailing list 
software. Its design highly focuses  
on customization possibilities and ease of 
A. Cross Site Scripting Vulnerability 
A1. I found a cross site scripting vulnerability in 
the creation list option. 
This could allow for execution of hostile HTML 
and script code in the web  
client of a user who visits a web page that 
contains the malicious code.  
This would occur in the security context of the 
site hosting the software. 
Exploitation could allow for theft of cookie-based 
authentication credentials. Other attacks are 
also possible.  
To test it follow these steps :  
 1.- Navigate to http://<site-with-sympa>/wws 
 2.- Login with a valid e-mail and password (or 
click in the Send me Password option and follow 
the instructions) 
 3.- Click on create list option 
 4.- In the "List Name" field enter the text that you 
 5.- In the "Subject" field enter the subject that 
you want. 
 6.- Select your preferred topic 
 7.- In the description field insert the following 
text :  
 Whatever_you_want&lt;script&gt;alert("Your cookie 
is " + document.cookie)&lt;/script&gt; 
 8.- Click on "Submit your creation Request" 
 9.- The list is created. 
 10.- Now, click on "List Info". You will see your 
cookie in a javascript "alert" message box 
The fix: 
The vendor is contacted but no fixes are 
released at the moment. 
The bug in the Sympa bugtracking list : 
The Sympa web site :  
        Joxean Koret at 

  By Date           By Thread  

Current thread:
  • Cross Site Scripting Vulnerability in Sympa Jose Antonio (Aug 21)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]