| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 16 Aug 2012 11:53:55 -0500 From: Jose Carlos de Arriba <jcarriba@...egroundsecurity.com> To: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>, "bugtraq@...urityfocus.com" <bugtraq@...urityfocus.com> Subject: [FOREGROUND SECURITY 2012-001] Lsoft ListServ v16 (WA revision R4241) SHOWTPL parameter Cross-SIte Scripting - XSS ============================================================ FOREGROUND SECURITY, SECURITY ADVISORY 2012-001 - Original release date: August 16, 2012 - Discovered by: Jose Carlos de Arriba (Penetration Testing Team Lead at Foreground Security) - Contact: (jcarriba (at) foregroundsecurity (dot) com, dade (at) painsec (dot) com) - Twitter: @jcarriba - Severity: 4.3/10 (Base CVSS Score) ============================================================ I. VULNERABILITY ------------------------- Lsoft ListServ v16 (WA revision R4241) Cross-Site Scripting (XSS) vulnerability (prior versions have not been checked but could be vulnerable too). II. BACKGROUND ------------------------- LISTSERV launched the email list industry 25 years ago and remains the gold standard. Continuously developed to meet the latest demands, LISTSERV provides the power, reliability and enterprise-level performance you need to manage all of your opt-in email lists, including email newsletters, announcement lists, discussion groups and email communities. L-Soft is a pioneer in the fields of email list management software, email marketing software and email list hosting services. L-Soft's solutions are used for managing email newsletters, discussion groups, email communities and opt-in email marketing campaigns. III. DESCRIPTION ------------------------- Lsoft ListServ v16 (WA revision R4241) presents a Cross-Site Scripting (XSS) vulnerability on the parameters 'SHOWTPL' in the web form page, due to an insufficient sanitization on user supplied data and encoding output. A malicious user could perform session hijacking or phishing attacks. IV. PROOF OF CONCEPT ------------------------- http://www.example.com/SCRIPTS/WA.EXE?SHOWTPL=<script>alert(document.cookie)</script> V. BUSINESS IMPACT ------------------------- An attacker could perform session hijacking or phishing attacks. VI. SYSTEMS AFFECTED ------------------------- Lsoft ListServ v16 - WA revision R4241 (prior or later versions have not been checked so could be affected). VII. SOLUTION ------------------------- Fixed on WA revision r4276. VIII. REFERENCES ------------------------- http://www.foregroundsecurity.com/ http://www.painsec.com http://www.lsoft.com/ IX. CREDITS ------------------------- This vulnerability has been discovered by Jose Carlos de Arriba (jcarriba (at) foregroundsecurity (dot) com, dade (at) painsec (dot) com). X. REVISION HISTORY ------------------------- - August 16, 2012: Initial release. XI. DISCLOSURE TIMELINE ------------------------- August 8, 2012: Vulnerability discovered by Jose Carlos de Arriba. August 8, 2012: Vendor contacted by email. August 9, 2012: Response from vendor asking for details and security advisory sent to it. August 15, 2012: Security advisory sent to vendor. August 15, 2012: Response from vendor with a new WA revision (r4276) with bug fixed. August 16, 2012: Security advisory released XII. LEGAL NOTICES ------------------------- The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Jose Carlos de Arriba, CISSP Penetration Testing Team Lead Foreground Security www.foregroundsecurity.com jcarriba (a t) foregroundsecurity (d o t ) com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists