lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1105593825.8638@mx249a.mysite4now.com>
Date: Wed, 12 Jan 2005 21:17:54 -0800
From: "Hyperdose Security" <robfly@...erdose.com>
To: <bugtraq@...urityfocus.com>
Subject: Cross Site Scripting holes found in Horde 3.0


Hyperdose Security Advisory

Name: Cross Site Scripting holes found in Horde 3.0
Systems Affected: Horde 3.0 installations
Severity: Moderate
Author: Robert Fly - robfly@...erdose.com
Advisory URL: http://www.hyperdose.com/advisories/H2005-01.txt

--Horde Description--
The Horde Application Framework is a general-purpose web application
framework in PHP, providing classes for dealing with preferences,
compression, browser detection, connection tracking, MIME handling, and
more.

--Bug Details--
Horde contains two XSS attacks that can be exploited through GET requests.  
Once exploited, these requests could be used to execute any javascript
commands in the context of that user, potentially including but not limited
to reading and deleting email, and stealing auth tokens.  Here are two
example URLs with simple exploits.
 
*/prefs.php?group=columns"><script>alert(document.domain)</script>&app=turba
 
*/index.php?url=http%3A%2F%2Fserver.com%2Findex.php"%20onload="javascript:al
ert(document.domain)"&frameset=0

--Fix Information--
Horde.org has released a new install to fix these issues.  Per Horde team
these issues are fixed in version 3.0.1, although v3.0.2, which contains the
fixes has already been released.  Kudos to them as they fixed these
vulnerabilities within a few hours of our original email.  GZ below:

http://ftp.horde.org/pub/horde/horde-3.0.2.tar.gz

NOTE: Per Horde team, this vulnerability does not exist in v2.0


--About Hyperdose--
Hyperdose Security was founded to provide companies with application
security knowledge through all parts of an application's security
development lifecycle.  We specialize in all phases of software development
ranging from security design and architectural reviews, security code
reviews and penetration testing.

web   www.hyperdose.com 
email robfly@...erdose.com





Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ