Message-ID: <ADCAC56A09E84A4D8E31044C72B6D31E35B5B4FD79@34093-MBX-C14.mex07a.mlsrvr.com>
Date: Thu, 16 Aug 2012 11:53:55 -0500
From: Jose Carlos de Arriba <jcarriba@...egroundsecurity.com>
To: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>,
"bugtraq@...urityfocus.com" <bugtraq@...urityfocus.com>
Subject: [FOREGROUND SECURITY 2012-001] Lsoft ListServ v16
(WA revision R4241) SHOWTPL parameter Cross-Site Scripting - XSS
============================================================
FOREGROUND SECURITY, SECURITY ADVISORY 2012-001
- Original release date: August 16, 2012
- Discovered by: Jose Carlos de Arriba (Penetration Testing Team Lead at Foreground Security)
- Contact: (jcarriba (at) foregroundsecurity (dot) com, dade (at) painsec (dot) com)
- Twitter: @jcarriba
- Severity: 4.3/10 (Base CVSS Score)
============================================================
I. VULNERABILITY
-------------------------
Lsoft ListServ v16 (WA revision R4241) Cross-Site Scripting (XSS) vulnerability (prior versions have not been checked but could be vulnerable too).
II. BACKGROUND
-------------------------
LISTSERV launched the email list industry 25 years ago and remains the gold standard. Continuously developed to meet the latest demands, LISTSERV provides the power, reliability and enterprise-level performance you need to manage all of your opt-in email lists, including email newsletters, announcement lists, discussion groups and email communities.
L-Soft is a pioneer in the fields of email list management software, email marketing software and email list hosting services. L-Soft's solutions are used for managing email newsletters, discussion groups, email communities and opt-in email marketing campaigns.
III. DESCRIPTION
-------------------------
Lsoft ListServ v16 (WA revision R4241) is vulnerable to Cross-Site Scripting (XSS) through the 'SHOWTPL' parameter of the web form page, due to insufficient sanitization of user-supplied data and insufficient output encoding.
A malicious user could perform session hijacking or phishing attacks.
IV. PROOF OF CONCEPT
-------------------------
http://www.example.com/SCRIPTS/WA.EXE?SHOWTPL=<script>alert(document.cookie)</script>
V. BUSINESS IMPACT
-------------------------
An attacker could perform session hijacking or phishing attacks.
VI. SYSTEMS AFFECTED
-------------------------
Lsoft ListServ v16 - WA revision R4241 (prior or later versions have not been checked, so they could also be affected).
VII. SOLUTION
-------------------------
Fixed on WA revision r4276.
VIII. REFERENCES
-------------------------
http://www.foregroundsecurity.com/
http://www.painsec.com
http://www.lsoft.com/
IX. CREDITS
-------------------------
This vulnerability has been discovered by Jose Carlos de Arriba (jcarriba (at) foregroundsecurity (dot) com, dade (at) painsec (dot) com).
X. REVISION HISTORY
-------------------------
- August 16, 2012: Initial release.
XI. DISCLOSURE TIMELINE
-------------------------
August 8, 2012: Vulnerability discovered by Jose Carlos de Arriba.
August 8, 2012: Vendor contacted by email.
August 9, 2012: Response from vendor asking for details and security advisory sent to it.
August 15, 2012: Security advisory sent to vendor.
August 15, 2012: Response from vendor with a new WA revision (r4276) with bug fixed.
August 16, 2012: Security advisory released.
XII. LEGAL NOTICES
-------------------------
The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise.
Jose Carlos de Arriba, CISSP
Penetration Testing Team Lead
Foreground Security
www.foregroundsecurity.com
jcarriba (a t) foregroundsecurity (d o t ) com
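
Added example (not part of the original advisory and not L-Soft's code): a minimal Python stand-in for a handler that echoes the SHOWTPL value, showing the unencoded form described in section III beside a version that validates the value and HTML-encodes it on output. The response text, the template-name allowlist and all function names are assumptions made for illustration.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate template name is a short identifier.
TEMPLATE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}")

# The advisory's proof-of-concept URL, plus a percent-encoded variant and a
# benign request (the last two are constructed samples).
POC = "http://www.example.com/SCRIPTS/WA.EXE?SHOWTPL=<script>alert(document.cookie)</script>"
POC_ENCODED = "http://www.example.com/SCRIPTS/WA.EXE?SHOWTPL=%3Cscript%3Ealert(1)%3C%2Fscript%3E"
BENIGN = "http://www.example.com/SCRIPTS/WA.EXE?SHOWTPL=ARCHIVE-1"


def get_showtpl(url):
    """Return the URL-decoded SHOWTPL value from a request URL ('' if absent)."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return query.get("SHOWTPL", [""])[0]


def encode_for_html(value):
    """Output encoding: turn HTML metacharacters into entities before echoing."""
    return html.escape(value, quote=True)


def render_vulnerable(url):
    """'Before' form: the raw parameter is concatenated into the response body."""
    return "<p>Template not found: " + get_showtpl(url) + "</p>"


def render_hardened(url):
    """Input validation first, then output encoding of whatever is echoed."""
    value = get_showtpl(url)
    if not TEMPLATE_NAME.fullmatch(value):
        # Reject without reflecting any part of the submitted value.
        return 400, "<p>Invalid template name.</p>"
    return 200, "<p>Template not found: " + encode_for_html(value) + "</p>"


if __name__ == "__main__":
    for sample in (POC, POC_ENCODED, BENIGN):
        print(render_vulnerable(sample))
        print(render_hardened(sample))
```

Encoding at the point of output is the control that closes the reflection; the allowlist is defence in depth and keeps malformed values out of the page entirely.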