Date: Mon, 4 Oct 2010 01:58:58 -0600
From: kerem.kocaer@...sec.se
To: bugtraq@...urityfocus.com
Subject: NetWin Surgemail XSS vulnerability

Application    NetWin Surgemail 4.3e
Vendor         NetWin - http://netwinsite.com

Discovered by  Kerem Kocaer <kerem.kocaer@...sec.se>

Problem
-------
A cross-site scripting (XSS) vulnerability in the Surgemail webmail login page
(/surgemail) allows remote attackers to inject arbitrary web script or HTML.

Input passed to the "username_ex" parameter is not properly sanitised before
being returned to the user, which enables the execution of arbitrary script
code in a user's browser session and can lead to cookie theft and session
hijacking.

The vulnerability is confirmed to exist in version 4.3e (the latest version at
the date of discovery). Previous versions may also be vulnerable.
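
An added example, not NetWin's code, contrasting the flaw described above with the standard mitigation: a minimal login-form renderer that reflects username_ex verbatim into a value="..." attribute, beside the same renderer with HTML attribute encoding, both fed the proof-of-concept string from this advisory. The host name, form markup and field names other than username_ex are constructed placeholders.

```python
from html import escape
from urllib.parse import urlsplit, unquote_plus

# Constructed URL shaped like the advisory's proof of concept; the host is a
# placeholder and the query string is the payload quoted in the advisory.
POC_URL = ('http://surgemail.example/surgeweb?username_ex='
           '"/><scri<script>alert(document.cookie);</script><input type="hidden')


def query_params(url):
    """Split the query string by hand so a ';' inside a value is not treated
    as a pair separator (older parse_qs versions did that)."""
    params = {}
    for pair in urlsplit(url).query.split("&"):
        key, _, value = pair.partition("=")
        params[unquote_plus(key)] = unquote_plus(value)
    return params


def render_login_vulnerable(username_ex):
    """The flaw: the parameter is reflected verbatim inside value="...", so a
    leading double quote ends the attribute and the rest becomes markup."""
    return ('<form method="post" action="/surgeweb">'
            f'<input type="text" name="username_ex" value="{username_ex}">'
            '<input type="hidden" name="step" value="login"></form>')


def render_login_fixed(username_ex):
    """The mitigation: HTML-attribute-encode the value before reflecting it.
    escape(quote=True) turns & < > " ' into entities, so the browser keeps
    the whole string inside the attribute as inert text."""
    safe = escape(username_ex, quote=True)
    return ('<form method="post" action="/surgeweb">'
            f'<input type="text" name="username_ex" value="{safe}">'
            '<input type="hidden" name="step" value="login"></form>')


def reflects_script_tag(html):
    """True if the rendered page contains a <script element the template
    never emitted, i.e. the reflected input escaped its attribute."""
    return "<script" in html.lower()


if __name__ == "__main__":
    name = query_params(POC_URL)["username_ex"]
    print("vulnerable page carries a script tag:", reflects_script_tag(render_login_vulnerable(name)))
    print("fixed page carries a script tag:     ", reflects_script_tag(render_login_fixed(name)))
```

The encoded form is what the vendor-side fix must produce for every reflected field; a filter that merely strips the literal string "<script>" is not equivalent, which is exactly what the doubled "<scri<script>" in the proof of concept is built around.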

Exploit
-------
http://[address]/surgeweb?username_ex="/><scri<script>alert(document.cookie);</script><input type="hidden
(tested on Firefox)

Fix
---
The vendor has reported fixing the problem in version 4.3g.

Timeline
--------
2010-05-13 Notified NetWin (ChrisP.)
2010-05-13 Received response from NetWin
2010-05-13 Provided details to NetWin
2010-05-26 Surgemail patched

Reference
---------
CVE Number: CVE-2010-3201
