mailman and broken triggers

Jakub Bogusz qboosh at pld.org.pl
Sat, 25 Jan 2003, 16:03:46 CET


On Sat, Jan 25, 2003 at 03:30:22PM +0100, Robert J. Wozny wrote:
> PS. an almost-good 2.1 will be ready for building in a moment.

And what about the recently discovered XSS?
Let it be here - we don't have packages with 2.1 yet.


Affected Version: 2.1; no other version has been tested
(someone stated that 2.0.11 does not look vulnerable)

This is a simple example for version 2.1:

1) With mailman options the email variable is vulnerable to cross-site
scripting.

You can recognise the vulnerabilities with this type of URL:

https://www.yourserver.com:443/mailman/options/yourlist?
language=en&email=<SCRIPT>alert('Can%20Cross%20Site%20Attack')</SCRIPT>
and that proves that any (malicious) script code is possible on the web
interface part of Mailman.

2) The default error page mailman generates does not adequately filter its
input making it susceptible to cross-site scripting.

https://www.yourserver.com:443//mailman/options/yourlist?
language=<SCRIPT>alert('Can%20Cross%20Site%20Attack')</SCRIPT>


-- 
Jakub Bogusz    http://www.cs.net.pl/~qboosh/



More information about the pld-devel-pl mailing list
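
Added example, not part of the original message and not Mailman's own code: the reflection pattern the advisory describes for the email and language parameters, next to a hardened form that HTML-escapes reflected values and checks language against an allowlist. The page markup, function names and the language allowlist are assumptions made for illustration.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Constructed allowlist; a real install would use its configured language set.
KNOWN_LANGUAGES = {"en", "pl", "de"}
DEFAULT_LANGUAGE = "en"


def params_from_url(url):
    """Return the first value of each query parameter, percent-decoded."""
    query = urlsplit(url).query
    return {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}


def render_unsafe(params):
    """'Before' form: request values are pasted into the markup verbatim."""
    # Hypothetical markup, standing in for the options/error page.
    return ("<p>Language: %s</p><p>No such member: %s</p>"
            % (params.get("language", ""), params.get("email", "")))


def render_safe(params):
    """Hardened form: allowlist the language, HTML-escape what is reflected."""
    language = params.get("language", DEFAULT_LANGUAGE)
    if language not in KNOWN_LANGUAGES:
        language = DEFAULT_LANGUAGE
    email = html.escape(params.get("email", ""), quote=True)
    return ("<p>Language: %s</p><p>No such member: %s</p>"
            % (html.escape(language, quote=True), email))


# The two request shapes quoted in the message, each joined onto one line.
CASE_EMAIL = ("https://www.yourserver.com:443/mailman/options/yourlist?"
              "language=en&email=<SCRIPT>alert('Can%20Cross%20Site%20Attack')</SCRIPT>")
CASE_LANGUAGE = ("https://www.yourserver.com:443//mailman/options/yourlist?"
                 "language=<SCRIPT>alert('Can%20Cross%20Site%20Attack')</SCRIPT>")

if __name__ == "__main__":
    for url in (CASE_EMAIL, CASE_LANGUAGE):
        p = params_from_url(url)
        print("unsafe:", render_unsafe(p))
        print("safe:  ", render_safe(p))
```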