oss-sec mailing list archives
Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history
From: Rafał Malinowski <rafal.przemyslaw.malinowski () gmail com>
Date: Mon, 27 Feb 2012 22:09:38 +0100
Affected versions: 0.9.0 - 0.11.0 (0.11.1 is not vulnerable)

Vulnerability:
Any JavaScript code could be executed from the Kadu History Window in the following conditions:
* application owner sends a prepared SMS and the content of this SMS was stored in the history file
* owner of application has an attacker on his buddy list, attacker sets a prepared presence message/status description and this presence message/status description is stored in the history file
and then:
* owner of application views the given SMS or presence message/status description in the history window

JavaScript code was allowed to:
* load any file from WEB, by <img> or <script> tags, even <object> with flash files were possible
* read files from local file system
* (not confirmed by myself) write files to local file system
* show JavaScript windows (like alert)