what you don't know can hurt you

Lsoft ListServ 16 Cross Site Scripting

Lsoft ListServ 16 Cross Site Scripting
Posted Aug 17, 2012
Authored by Jose Carlos de Arriba

Lsoft ListServ version 16 suffers from a cross site scripting vulnerability. The issue is fixed in WA revision r4276.

tags | exploit, xss
MD5 | 6a9de701e2135a6233a7e3fc4ce5459d

Lsoft ListServ 16 Cross Site Scripting

Change Mirror Download
============================================================
FOREGROUND SECURITY, SECURITY ADVISORY 2012-001
- Original release date: August 16, 2012
- Discovered by: Jose Carlos de Arriba (Penetration Testing Team Lead at Foreground Security)
- Contact: (jcarriba (at) foregroundsecurity (dot) com, dade (at) painsec (dot) com)
- Twitter: @jcarriba
- Severity: 4.3/10 (Base CVSS Score)
============================================================

I. VULNERABILITY
-------------------------
Lsoft ListServ v16 (WA revision R4241) Cross-Site Scripting (XSS) vulnerability (prior versions have not been checked but could be vulnerable too).

II. BACKGROUND
-------------------------
LISTSERV launched the email list industry 25 years ago and remains the gold standard. Continuously developed to meet the latest demands, LISTSERV provides the power, reliability and enterprise-level performance you need to manage all of your opt-in email lists, including email newsletters, announcement lists, discussion groups and email communities.

L-Soft is a pioneer in the fields of email list management software, email marketing software and email list hosting services. L-Soft's solutions are used for managing email newsletters, discussion groups, email communities and opt-in email marketing campaigns.

III. DESCRIPTION
-------------------------
Lsoft ListServ v16 (WA revision R4241) presents a Cross-Site Scripting (XSS) vulnerability on the parameters 'SHOWTPL' in the web form page, due to an insufficient sanitization on user supplied data and encoding output.

A malicious user could perform session hijacking or phishing attacks.

IV. PROOF OF CONCEPT
-------------------------
http://www.example.com/SCRIPTS/WA.EXE?SHOWTPL=<script>alert(document.cookie)</script>

V. BUSINESS IMPACT
-------------------------
An attacker could perform session hijacking or phishing attacks.

VI. SYSTEMS AFFECTED
-------------------------
Lsoft ListServ v16 - WA revision R4241 (prior or later versions have not been checked so could be affected).

VII. SOLUTION
-------------------------
Fixed on WA revision r4276.

VIII. REFERENCES
-------------------------
http://www.foregroundsecurity.com/
http://www.painsec.com
http://www.lsoft.com/

IX. CREDITS
-------------------------
This vulnerability has been discovered by Jose Carlos de Arriba (jcarriba (at) foregroundsecurity (dot) com, dade (at) painsec (dot) com).

X. REVISION HISTORY
-------------------------
- August 16, 2012: Initial release.

XI. DISCLOSURE TIMELINE
-------------------------
August 8, 2012: Vulnerability discovered by Jose Carlos de Arriba.
August 8, 2012: Vendor contacted by email.
August 9, 2012: Response from vendor asking for details and security advisory sent to it.
August 15, 2012: Security advisory sent to vendor.
August 15, 2012: Response from vendor with a new WA revision (r4276) with bug fixed.
August 16, 2012: Security advisory released


XII. LEGAL NOTICES
-------------------------
The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise.


Jose Carlos de Arriba, CISSP
Penetration Testing Team Lead
Foreground Security
www.foregroundsecurity.com
jcarriba (a t) foregroundsecurity (d o t ) com

Login or Register to add favorites

File Archive:

January 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    4 Files
  • 2
    Jan 2nd
    3 Files
  • 3
    Jan 3rd
    3 Files
  • 4
    Jan 4th
    33 Files
  • 5
    Jan 5th
    31 Files
  • 6
    Jan 6th
    21 Files
  • 7
    Jan 7th
    15 Files
  • 8
    Jan 8th
    19 Files
  • 9
    Jan 9th
    1 Files
  • 10
    Jan 10th
    1 Files
  • 11
    Jan 11th
    33 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    27 Files
  • 14
    Jan 14th
    8 Files
  • 15
    Jan 15th
    16 Files
  • 16
    Jan 16th
    0 Files
  • 17
    Jan 17th
    0 Files
  • 18
    Jan 18th
    0 Files
  • 19
    Jan 19th
    0 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close