[UNIX] SquirrelMail Cross Scripting Attacks (compose.php)

From: SecuriTeam (support_at_securiteam.com)
Date: 05/02/04

    To: list@securiteam.com
    Date: 2 May 2004 18:07:14 +0200
    
    

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

      SquirrelMail Cross Scripting Attacks (compose.php)
    ------------------------------------------------------------------------

    SUMMARY

    SquirrelMail (http://www.squirrelmail.org/) is "a standards-based web
    mail package written in PHP4". Multiple cross-site scripting
    vulnerabilities have been found in the product. These vulnerabilities
    would allow a remote attacker to steal user cookies (used for
    authentication).

    DETAILS

    Vulnerable Systems:
     * SquirrelMail version 1.4.2 and older

    Immune Systems:
     * SquirrelMail version 1.4.3 or newer

    SquirrelMail is prone to many cross-site scripting attacks that can be
    used to steal user cookies. The flaw lies in the way SquirrelMail handles
    folder names and displays them in the page.

    Example:
    http://victim.com/mail/src/compose.php?mailbox=INBOX

    Which can be replaced as follows:
    http://victim.com/mail/src/compose.php?mailbox="><script>malicious script</script>

    http://victim.com/mail/src/compose.php?mailbox="><script>window.alert(document.cookie)</script>
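
    The request shapes above are what to look for in web server logs. The
    following is an added example, not part of the original advisory: it scans
    access-log lines for compose.php requests whose mailbox parameter decodes
    to HTML markup characters. The log format, client addresses and sample
    lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (Apache combined-style); addresses are documentation ranges.
SAMPLE_LOG = r'''
192.0.2.10 - - [02/May/2004:18:01:11 +0200] "GET /mail/src/compose.php?mailbox=INBOX HTTP/1.1" 200 5120
192.0.2.44 - - [02/May/2004:18:02:37 +0200] "GET /mail/src/compose.php?mailbox=%22%3E%3Cscript%3Ewindow.alert(document.cookie)%3C/script%3E HTTP/1.1" 200 5342
198.51.100.7 - - [02/May/2004:18:03:02 +0200] "GET /mail/src/compose.php?mailbox=\"><script>window.alert(document.cookie)</script> HTTP/1.1" 200 5342
192.0.2.10 - - [02/May/2004:18:04:50 +0200] "GET /mail/src/compose.php?mailbox=INBOX.Sent%20Items HTTP/1.1" 200 5130
192.0.2.77 - - [02/May/2004:18:05:09 +0200] "GET /mail/src/right_main.php?mailbox=INBOX HTTP/1.1" 200 9001
'''

# Client address, then the request target inside the quoted request line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Characters that have no place in a folder name echoed into HTML.
MARKUP_CHARS = set('<>"')


def suspicious_compose_requests(log_text):
    """Return (client, decoded mailbox value) for compose.php requests
    whose mailbox parameter contains HTML markup characters."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target = match.groups()
        # Apache writes a literal double quote in the request line as \" ;
        # undo that so raw and percent-encoded requests compare equal.
        parts = urlsplit(target.replace('\\"', '"'))
        if not parts.path.endswith('/src/compose.php'):
            continue
        # parse_qs percent-decodes each value once, as the server would.
        for value in parse_qs(parts.query, keep_blank_values=True).get('mailbox', []):
            if MARKUP_CHARS & set(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_compose_requests(SAMPLE_LOG):
        print(f"{client}\tmailbox={value!r}")
```

    Only the query string is visible in an access log, so a mailbox value
    sent in a POST body is not covered. Hits against an installation running
    version 1.4.2 or older deserve follow-up.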

    ADDITIONAL INFORMATION

    The information has been provided by Alvin Alex
    (alvin_gboy@hotmail.com).


    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

