lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1349.69.162.159.30.1107032860.spork@webmail.lovebug.org>
Date: Sat, 29 Jan 2005 13:07:40 -0800 (PST)
From: steven@...ebug.org
To: bugtraq@...urityfocus.com
Subject: XSS in Infinite Mobile Delivery v2.6 Webmail


Vendor:   Captaris, Inc.
Date:     January 29, 2005
Issue:    XSS in Infinite Mobile Delivery v2.6 Webmail
URL:      http://www.capataris.com
Advisory: http://www.lovebug.org/imd_advisory.txt


Issue:

The webmail portion of the latest (and final) release of Infinite Mobile
Delivery contains a Cross Site Scripting vulnerability.  In addition to
the XSS, an even smaller issue exists where a user can determine the
installation path of the client and where e-mails are stored.

A user once logged in can simply start writing scripting immediately after
their user name and it will be executed within the browser.

---

Example: http://www-webmailusersite-com/username/[XSS]

The server will respond with:

Unable to parse request for user blah:
[XSS]

---

Also, the server will return the installation path if an illegal windows
folder character or name is entered after 'Folder:' - For example, Windows
does not let you have folders containing < > * | : \ / ? or com1, com2,
etc.

Example: http://www-webmailusersite-com/username/Folder:?

The server will respond with:

Error creating file: [drive letter]:\file's\path\USERS\username\?.IDX


---


Solutions:

I am not aware of any solutions at this time.


Vendor Response:

The vendor was notified of the issue in November 2004.  They also told me
that Captaris is no longer developing Infinite Mobile Delivery and that
there probably won't be any changs implemented.  To the best of my
knowledge there will be no further releases and there is no fix available.

Credits:

The best University in Virginia (Virginia Tech) for providing me education
for the past 3.5 years and for having so much terrible cold weather which
has given me time to write this up.

Steven
steven@...ebug.org


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ