lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20040820231924.14945.qmail@www.securityfocus.com>
Date: 20 Aug 2004 23:19:24 -0000
From: Jose Antonio <joxeankoret@...oo.es>
To: bugtraq@...urityfocus.com
Subject: Cross Site Scripting Vulnerability in Sympa




--------------------------------------------------------------------------- 
              Cross Site Scripting Vulnerability in 
Sympa  
--------------------------------------------------------------------------- 
 
Author: Joxean Koret 
Date: 2004  
Location: Basque Country 
 
--------------------------------------------------------------------------- 
 
Affected software description: 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
 
Sympa Version 4.1.X and prior to version 4.1 
 
Sympa is a rich open source mailing list 
software. Its design highly focuses  
on customization possibilities and ease of 
administration.  
 
--------------------------------------------------------------------------- 
 
Vulnerabilities: 
~~~~~~~~~~~~~~~~ 
 
A. Cross Site Scripting Vulnerability 
 
A1. I found a cross site scripting vulnerability in 
the creation list option. 
 
This could allow for execution of hostile HTML 
and script code in the web  
client of a user who visits a web page that 
contains the malicious code.  
This would occur in the security context of the 
site hosting the software. 
  
Exploitation could allow for theft of cookie-based 
authentication credentials. Other attacks are 
also possible.  
 
To test it follow these steps :  
 
 1.- Navigate to http://<site-with-sympa>/wws 
 2.- Login with a valid e-mail and password (or 
click in the Send me Password option and follow 
the instructions) 
 3.- Click on create list option 
 4.- In the "List Name" field enter the text that you 
want. 
 5.- In the "Subject" field enter the subject that 
you want. 
 6.- Select your preferred topic 
 7.- In the description field insert the following 
text :  
  
 Whatever_you_want&lt;script&gt;alert("Your cookie 
is " + document.cookie)&lt;/script&gt; 
 
 8.- Click on "Submit your creation Request" 
button. 
 9.- The list is created. 
 10.- Now, click on "List Info". You will see your 
cookie in a javascript "alert" message box 
 
The fix: 
~~~~~~~~ 
 
The vendor is contacted but no fixes are 
released at the moment. 
 
References 
~~~~~~~~~~ 
 
The bug in the Sympa bugtracking list : 
 
http://listes.cru.fr/mantis/view_bug_advanced_page.php?f_id=0000327 
 
The Sympa web site :  
 
http://www.sympa.org 
 
--------------------------------------------------------------------------- 
Contact: 
~~~~~~~~ 
 
	Joxean Koret at 
joxeanpiti<<<<<<<<@>>>>>>>>yah00<<<<<<dot>>>>>es 
 
 
 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ