Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Cgisecurity.com Advisory #7: Mailman Email Archive Cross Site Scripting

From: zeno <zeno () cgisecurity net>
Date: Wed, 28 Nov 2001 05:09:56 -0500 (EST)
Hello,

This isn't a major threat or anything but this product does allow cross site scripting.

From the list of sites below as examples you get an idea of just how popular this product is.


http://www1.dshield.org/mailman/listinfo/<img%20src=javascript:alert(document.domain)>
http://mail.gnu.org/mailman/listinfo/<img%20src=javascript:alert(document.domain)>
http://lists.bell-labs.com/mailman/listinfo/<img%20src=javascript:alert(document.domain)>
http://mail.gnome.org/mailman/listinfo/<img%20src=javascript:alert(document.domain)>
http://www.lists.apple.com/mailman/listinfo/<img%20src=javascript:alert(document.domain)>

Patching information is included within the advisory.

- zeno

PS: advisory can also be located at http://www.cgisecurity.org/advisory/7.txt

                                  [ Cgi Security Advisory #7 ]
                                     admin () cgisecurity com
                         Mailman Email archiver Cross Site Scripting Hole




Found
November 2001

Public Release
Sometime in November 2001


Vendor Contacted
November 2001

Scripts Effected: Mailman Email Archiver
Price: Free

Versions:
All Versions appear to be effected

Platforms:
Unix, Linux, Other? 

Vendor:
http://sourceforge.net/projects/mailman


1. Problem

This product is affected by a Cross Site Scripting hole, which may allow
an attacker to trick a user into thinking something the attacker wrote
actually came from the site that is effected. This involves some social 
engineering to a point but could possibly allow gathering of user information
and other types of fraud.


http://host/mailman/listinfo/<img%20src=javascript:alert(document.domain)>

This will gladly show you a pop up javascript box.


2. Fixes

The vendor has been notified of the problem, 
Upgrade to version 2.0.8 in order to fix this problem.

TarBalls
http://sourceforge.net/project/showfiles.php?group_id=103




Published to the Public November 2001
Copyright November 2001 Cgisecurity.com
Previous By Date Next
Previous By Thread Next

Current thread: