BugTraq
Back to list
|
Post reply
Cross Site Scripting Vulnerability in Sympa
Aug 20 2004 11:19PM
Jose Antonio (joxeankoret yahoo es)
------------------------------------------------------------------------
---
Cross Site Scripting Vulnerability in
Sympa
------------------------------------------------------------------------
---
Author: Joxean Koret
Date: 2004
Location: Basque Country
------------------------------------------------------------------------
---
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sympa Version 4.1.X and prior to version 4.1
Sympa is a rich open source mailing list
software. Its design highly focuses
on customization possibilities and ease of
administration.
------------------------------------------------------------------------
---
Vulnerabilities:
~~~~~~~~~~~~~~~~
A. Cross Site Scripting Vulnerability
A1. I found a cross site scripting vulnerability in
the creation list option.
This could allow for execution of hostile HTML
and script code in the web
client of a user who visits a web page that
contains the malicious code.
This would occur in the security context of the
site hosting the software.
Exploitation could allow for theft of cookie-based
authentication credentials. Other attacks are
also possible.
To test it follow these steps :
1.- Navigate to http://<site-with-sympa>/wws
2.- Login with a valid e-mail and password (or
click in the Send me Password option and follow
the instructions)
3.- Click on create list option
4.- In the "List Name" field enter the text that you
want.
5.- In the "Subject" field enter the subject that
you want.
6.- Select your preferred topic
7.- In the description field insert the following
text :
Whatever_you_want<script>alert("Your cookie
is " + document.cookie)</script>
8.- Click on "Submit your creation Request"
button.
9.- The list is created.
10.- Now, click on "List Info". You will see your
cookie in a javascript "alert" message box
The fix:
~~~~~~~~
The vendor is contacted but no fixes are
released at the moment.
References
~~~~~~~~~~
The bug in the Sympa bugtracking list :
http://listes.cru.fr/mantis/view_bug_advanced_page.php?f_id=0000327
The Sympa web site :
http://www.sympa.org
------------------------------------------------------------------------
---
Contact:
~~~~~~~~
Joxean Koret at
joxeanpiti<<<<<<<<@>>>>>>>>yah00<<<<<<dot>>>>>es
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
------------------------------------------------------------------------
---
Cross Site Scripting Vulnerability in
Sympa
------------------------------------------------------------------------
---
Author: Joxean Koret
Date: 2004
Location: Basque Country
------------------------------------------------------------------------
---
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sympa Version 4.1.X and prior to version 4.1
Sympa is a rich open source mailing list
software. Its design highly focuses
on customization possibilities and ease of
administration.
------------------------------------------------------------------------
---
Vulnerabilities:
~~~~~~~~~~~~~~~~
A. Cross Site Scripting Vulnerability
A1. I found a cross site scripting vulnerability in
the creation list option.
This could allow for execution of hostile HTML
and script code in the web
client of a user who visits a web page that
contains the malicious code.
This would occur in the security context of the
site hosting the software.
Exploitation could allow for theft of cookie-based
authentication credentials. Other attacks are
also possible.
To test it follow these steps :
1.- Navigate to http://<site-with-sympa>/wws
2.- Login with a valid e-mail and password (or
click in the Send me Password option and follow
the instructions)
3.- Click on create list option
4.- In the "List Name" field enter the text that you
want.
5.- In the "Subject" field enter the subject that
you want.
6.- Select your preferred topic
7.- In the description field insert the following
text :
Whatever_you_want<script>alert("Your cookie
is " + document.cookie)</script>
8.- Click on "Submit your creation Request"
button.
9.- The list is created.
10.- Now, click on "List Info". You will see your
cookie in a javascript "alert" message box
The fix:
~~~~~~~~
The vendor is contacted but no fixes are
released at the moment.
References
~~~~~~~~~~
The bug in the Sympa bugtracking list :
http://listes.cru.fr/mantis/view_bug_advanced_page.php?f_id=0000327
The Sympa web site :
http://www.sympa.org
------------------------------------------------------------------------
---
Contact:
~~~~~~~~
Joxean Koret at
joxeanpiti<<<<<<<<@>>>>>>>>yah00<<<<<<dot>>>>>es
[ reply ]