RE: Mailman: cross-site scripting bug
From: Leif Sawyer (lsawyer@gci.com)
Date: 01/24/03
- Previous message: Blud Clot: "Eudora Message Deletion Weakness"
- Maybe in reply to: webmaster@procheckup.com: "Mailman: cross-site scripting bug"
- Next in thread: Axel Beckert - ecos gmbh: "Re: Mailman: cross-site scripting bug"
- Reply: Axel Beckert - ecos gmbh: "Re: Mailman: cross-site scripting bug"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Leif Sawyer <lsawyer@gci.com> To: webmaster@procheckup.com, bugtraq@securityfocus.com Date: Fri, 24 Jan 2003 12:32:37 -0900
Hmm...
https://workserver//mailman/options/ak3barons?language=<SCRIPT>ale_____
<br>
<p>Bug IDs fixed (see <a href="https:(although it's got some other issues, but nothing serious for an
rt('Can%20Cross%20Site%20Attack')</SCRIPT>
returns:
<h2>Error</h2><strong>Invalid options to CGI script.</strong>
2.0.11 doesn't seem to be vulnerable to this.
(although it's got some other issues, but nothing serious for an
internal site..)
> -----Original Message-----
> From: webmaster@procheckup.com [mailto:webmaster@procheckup.com]
> Sent: Friday, January 24, 2003 5:35 AM
> To: bugtraq@securityfocus.com
> Subject: Mailman: cross-site scripting bug
>
>
>
>
> Product: Mailman
> Affected Version: 2.1 not other version has been tested
> Vendor's URL: http://www.gnu.org/software/mailman/
> Solution: TBC
> Author: Manuel Rodriguez
>
> Introduction:
> ------------
> Mailman is software to help manage electronic mail discussion
> lists, much
> like Majordomo or Smartmail. And Mailman have web interface systems.
>
>
> Example:
> -----------------
> This is a simple example for version 2.1:
>
> 1) With mailman options the email variable is vulnerable to
> cross-site
> scripting.
>
> You can recognise the vulnerabilities with this type of URL:
>
> https://www.yourserver.com:443/mailman/options/yourlist?
> language=en&email=<SCRIPT>alert('Can%20Cross%20Site%20At
> tack')</SCRIPT>
> and that prove that any (malicious) script code is possible on web
> interface part of Mailman.
>
> 2) The default error page mailman generates does not
> adequately filter its
> input making it susceptible to cross-site scripting.
>
> https://www.yourserver.com:443//mailman/options/yourlist?
> language=<SCRIPT>alert('Can%20Cross%20Site%20Attack')<
> ;/SCRIPT>
>
- application/x-pkcs7-signature attachment: smime.p7s
- Next message: StatiX Statix: "List Site Pro v2 user account Hijacking vulnerablity"
- Previous message: Blud Clot: "Eudora Message Deletion Weakness"
- Maybe in reply to: webmaster@procheckup.com: "Mailman: cross-site scripting bug"
- Next in thread: Axel Beckert - ecos gmbh: "Re: Mailman: cross-site scripting bug"
- Reply: Axel Beckert - ecos gmbh: "Re: Mailman: cross-site scripting bug"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
