Mailman: cross-site scripting bug

• Previous message: Martin Schulze: "[SECURITY] [DSA 243-1] New kdemultimedia packages fix several vulnerabilities"
• Next in thread: Leif Sawyer: "RE: Mailman: cross-site scripting bug"
• Maybe reply: Leif Sawyer: "RE: Mailman: cross-site scripting bug"
• Maybe reply: Barry Warsaw: "Re: Mailman: cross-site scripting bug"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 24 Jan 2003 14:35:07 -0000
From: <webmaster@procheckup.com>
To: bugtraq@securityfocus.com

Product: Mailman
Affected Version: 2.1 not other version has been tested
Vendor's URL: http://www.gnu.org/software/mailman/
Solution: TBC
Author: Manuel Rodriguez

Introduction:
------------
Mailman is software to help manage electronic mail discussion lists, much
like Majordomo or Smartmail. And Mailman have web interface systems.

Example:
-----------------
This is a simple example for version 2.1:

1) With mailman options the email variable is vulnerable to cross-site
scripting.

You can recognise the vulnerabilities with this type of URL:

https://www.yourserver.com:443/mailman/options/yourlist?
language=en&email=<SCRIPT>alert('Can%20Cross%20Site%20Attack')</SCRIPT>
and that prove that any (malicious) script code is possible on web
interface part of Mailman.

2) The default error page mailman generates does not adequately filter its
input making it susceptible to cross-site scripting.

https://www.yourserver.com:443//mailman/options/yourlist?
language=<SCRIPT>alert('Can%20Cross%20Site%20Attack')</SCRIPT>

• Next message: Phrack: "Re: TRACE used to increase the dangerous of XSS."
• Previous message: Martin Schulze: "[SECURITY] [DSA 243-1] New kdemultimedia packages fix several vulnerabilities"
• Next in thread: Leif Sawyer: "RE: Mailman: cross-site scripting bug"
• Maybe reply: Leif Sawyer: "RE: Mailman: cross-site scripting bug"
• Maybe reply: Barry Warsaw: "Re: Mailman: cross-site scripting bug"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]