SympaXSS.txt

SympaXSS.txt: Posted Aug 24, 2004; Authored by Joxean Koret; Sympa versions 4.1.x and below are susceptible to cross site scripting attacks.; tags | advisory, xss; SHA-256 | dca5ea288d664feb25de06ceaa5845417be3a151f5960a1b08d989b0f6436781; Download | Favorite | View

SympaXSS.txt



--------------------------------------------------------------------------- 
              Cross Site Scripting Vulnerability in 
Sympa  
--------------------------------------------------------------------------- 
 
Author: Joxean Koret 
Date: 2004  
Location: Basque Country 
 
--------------------------------------------------------------------------- 
 
Affected software description: 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
 
Sympa Version 4.1.X and prior to version 4.1 
 
Sympa is a rich open source mailing list 
software. Its design highly focuses  
on customization possibilities and ease of 
administration.  
 
--------------------------------------------------------------------------- 
 
Vulnerabilities: 
~~~~~~~~~~~~~~~~ 
 
A. Cross Site Scripting Vulnerability 
 
A1. I found a cross site scripting vulnerability in 
the creation list option. 
 
This could allow for execution of hostile HTML 
and script code in the web  
client of a user who visits a web page that 
contains the malicious code.  
This would occur in the security context of the 
site hosting the software. 
  
Exploitation could allow for theft of cookie-based 
authentication credentials. Other attacks are 
also possible.  
 
To test it follow these steps :  
 
 1.- Navigate to http://<site-with-sympa>/wws 
 2.- Login with a valid e-mail and password (or 
click in the Send me Password option and follow 
the instructions) 
 3.- Click on create list option 
 4.- In the "List Name" field enter the text that you 
want. 
 5.- In the "Subject" field enter the subject that 
you want. 
 6.- Select your preferred topic 
 7.- In the description field insert the following 
text :  
  
 Whatever_you_want<script>alert("Your cookie 
is " + document.cookie)</script> 
 
 8.- Click on "Submit your creation Request" 
button. 
 9.- The list is created. 
 10.- Now, click on "List Info". You will see your 
cookie in a javascript "alert" message box 
 
The fix: 
~~~~~~~~ 
 
The vendor is contacted but no fixes are 
released at the moment. 
 
References 
~~~~~~~~~~ 
 
The bug in the Sympa bugtracking list : 
 
http://listes.cru.fr/mantis/view_bug_advanced_page.php?f_id=0000327 
 
The Sympa web site :  
 
http://www.sympa.org 
 
--------------------------------------------------------------------------- 
Contact: 
~~~~~~~~ 
 
  Joxean Koret at 
joxeanpiti<<<<<<<<@>>>>>>>>yah00<<<<<<dot>>>>>es

Top Authors In Last 30 Days

Red Hat 221 files
Ubuntu 59 files
Debian 30 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
tmrswrr 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,298)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,550)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,453)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

SympaXSS.txt

SympaXSS.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

SympaXSS.txt

Share This

SympaXSS.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems