I. VULNERABILITY

-------------------------

Reflected XSS in SpamTitan 6.01



II. BACKGROUND

-------------------------

SpamTitan offers the best protection for your email on the market. We
consistently block more than 99.9% of all spam and have independent
comparative tests and awards to show this.



III. DESCRIPTION

-------------------------

Has been detected a XSS Reflected via GET in SpamTitan in

"/auth-settings-x.php?getwebauth&domain_filter=aaa&startIndex=0&type=all&results=5&sortkey=domain&sortdir="

parameter “sortdir” that allows the execution of arbitrary HTML/script
code to be executed in the context of the victim user's browser.





IV. PROOF OF CONCEPT

-------------------------

The application does not validate the parameter sortdir in

http://10.200.210.5/auth-settings-x.php?getwebauth&domain_filter=aaa&startIndex=0&type=all&results=5&sortkey=domain&sortdir=aaa"<body
onload=alert(document.cookie)>





V. BUSINESS IMPACT

-------------------------



That allows the code execution arbitrary in victim  Browser



VI. REQUIREMENTS

-----------------------

An Attacker needs to know the IP of the device.

An Administrator needs an authenticated connection to the device.



VII. SYSTEMS AFFECTED

-------------------------

Try SpamTitan 6.00 and 6.01 VM and Demo online



VIII. SOLUTION

-------------------------

SpamTitan has released a 6.04 patch to address this vulnerability. If
you are unable to upgrade, please consider the following workaround.





By William Costa
http://twitter.com/willcosta