Message-ID: <20041220130945.GA25905@server.gwsh.gda.pl>
Date: Mon, 20 Dec 2004 14:09:45 +0100
From: lazy@...ver.gwsh.gda.pl
To: Jaroslaw Sajko <sloik@....poznan.pl>
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com
Subject: Re: Gadu-Gadu, another two bugs


On Fri, Dec 17, 2004 at 11:23:38AM +0100, Jaroslaw Sajko wrote:
> Product:	Gadu-Gadu, build 155 and older
> Vendor:		SMS-EXPRESS.COM (http://www.gadu-gadu.pl)
> Impact:		Script execution in local zone,
> 		Remote DoS
> Severity:	High
> Authors: 	Blazej Miga <bla@....poznan.pl>,
> 		Jaroslaw Sajko <sloik@....poznan.pl>
> Date:		17/12/04
...
> [DETAILS]
> 
> Bug 1.
> Parsing error. We can send a malicious string which has a URL inside.
> This URL can be JavaScript code, for example, or a reference to such code.
> Code will execute when the window with message pops up. Code will execute
> in LOCAL ZONE! Works also with older versions.
> 
> Example:
> 
> Send such a string to any recipient:
> www.po"style=background-image:url(javascript:document.write('%3cscript%3ealert%28%22you%20are%20owned!%22%29%3c%2fscript%3e'));".pl
> 
tlen.pl, another Polish IM, was also vulnerable to Bug 1.
They fixed it in 5.23.4.2 and (as I was told) they now block it on the servers, but you can check it
locally on your own client.

__
Regards,
Michal Grzedzicki

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
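
The string quoted under Bug 1 carries a double quote inside what looks like a host name. The following is an added example, not code from either client or from this thread: it assumes the message window is rendered as HTML and that URLs are wrapped in anchor tags, and compares a naive auto-linker with one that escapes its output and links only strict host names. All function names, the URL pattern and the sample string are hypothetical or constructed.

```javascript
// Constructed sample with the same shape as the string quoted above:
// a double quote inside something that looks like a host name.
const SAMPLE = 'see www.po"style=x".pl now';

// Hypothetical URL matcher: "www." followed by any run of non-space characters.
const URL_RE = /\bwww\.\S+/g;

// Escape the characters that are significant in HTML text and attribute values.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, c => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'
  }[c]));
}

// Naive version: the matched text is pasted into the attribute unescaped,
// so a '"' in the message closes href and the rest is parsed as new attributes.
function linkifyNaive(msg) {
  return msg.replace(URL_RE, u => `<a href="http://${u}">${u}</a>`);
}

// Hardened version: everything is escaped, and only strict host names
// (optionally followed by a conservative path) are turned into links.
const STRICT_HOST = /^www(\.[a-z0-9-]+)+(\/[\w\-.\/?%&=#]*)?$/i;

function linkifySafe(msg) {
  let out = '';
  let last = 0;
  for (const m of msg.matchAll(URL_RE)) {
    out += escapeHtml(msg.slice(last, m.index));
    const u = m[0];
    out += STRICT_HOST.test(u)
      ? `<a href="http://${escapeHtml(u)}">${escapeHtml(u)}</a>`
      : escapeHtml(u); // not a plain URL: shown as text, never linked
    last = m.index + u.length;
  }
  return out + escapeHtml(msg.slice(last));
}

console.log(linkifyNaive(SAMPLE)); // style=x lands outside the href value
console.log(linkifySafe(SAMPLE));  // the quote is rendered as &quot; text
```
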

