[23983] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Vulnerabilities in squirrelmail

daemon@ATHENA.MIT.EDU (Tom McAdam)
Thu Jan 24 19:08:37 2002

Date: Thu, 24 Jan 2002 22:53:02 +0000 (GMT)
From: Tom McAdam <tomc@future-i.com>
To: "bugtraq@securityfocus.com" <bugtraq@securityfocus.com>
Message-ID: <Pine.LNX.4.20L2.0201242237160.3115-100000@budvar.future-i.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII


Multiple security vulnerabilties exist in SquirrelMail < v 1.2.3 that
allow malicious HTML messages to:

* send messages appearing to come from the user
* run arbitrary javascript

Description
-----------
The compose.php script allows parameters to be passed as GETs.  Therefore
including the following in an HTML mail will send a message to x@y.com:

<img 
src="compose.php?send_to=x@y.com&subject=foo&bar=bar&send=1">

The read_body.php script does not check HTML tags for javascript.  A
trivial example:

<img src="javascript:alert('Oh dear')">


Resolution
----------
Upgrade to version 1.2.3 of SquirrelMail


Acknowledgements
----------------
Thanks to for Philippe Mingo for fixing this bug


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[23983] in bugtraq

Vulnerabilities in squirrelmail

daemon@ATHENA.MIT.EDU (Tom McAdam)Thu Jan 24 19:08:37 2002

daemon@ATHENA.MIT.EDU (Tom McAdam)
Thu Jan 24 19:08:37 2002