[23280] in bugtraq
Cgisecurity.com Advisory #7: Mailman Email Archive Cross Site Scripting
daemon@ATHENA.MIT.EDU (zeno)
Wed Nov 28 15:43:41 2001
From: zeno <zeno@cgisecurity.net>
Message-Id: <200111281009.fASA9uw07967@cgisecurity.net>
To: bugs@securitytracker.com, bugtraq@securityfocus.com,
vuln-dev@securityfocus.com, vulnwatch@vulnwatch.org
Date: Wed, 28 Nov 2001 05:09:56 -0500 (EST)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Hello,
This isn't a major threat or anything but this product does allow cross site scripting.
From the list of sites below as examples you get an idea of just how popular this product is.
http://www1.dshield.org/mailman/listinfo/<img%20src=javascript:alert(document.domain)>
http://mail.gnu.org/mailman/listinfo/<img%20src=javascript:alert(document.domain)>
http://lists.bell-labs.com/mailman/listinfo/<img%20src=javascript:alert(document.domain)>
http://mail.gnome.org/mailman/listinfo/<img%20src=javascript:alert(document.domain)>
http://www.lists.apple.com/mailman/listinfo/<img%20src=javascript:alert(document.domain)>
Patching information is included within the advisory.
- zeno
PS: advisory can also be located at http://www.cgisecurity.org/advisory/7.txt
[ Cgi Security Advisory #7 ]
admin@cgisecurity.com
Mailman Email archiver Cross Site Scripting Hole
Found
November 2001
Public Release
Sometime in November 2001
Vendor Contacted
November 2001
Scripts Effected: Mailman Email Archiver
Price: Free
Versions:
All Versions appear to be effected
Platforms:
Unix, Linux, Other?
Vendor:
http://sourceforge.net/projects/mailman
1. Problem
This product is affected by a Cross Site Scripting hole, which may allow
an attacker to trick a user into thinking something the attacker wrote
actually came from the site that is effected. This involves some social
engineering to a point but could possibly allow gathering of user information
and other types of fraud.
http://host/mailman/listinfo/<img%20src=javascript:alert(document.domain)>
This will gladly show you a pop up javascript box.
2. Fixes
The vendor has been notified of the problem,
Upgrade to version 2.0.8 in order to fix this problem.
TarBalls
http://sourceforge.net/project/showfiles.php?group_id=103
Published to the Public November 2001
Copyright November 2001 Cgisecurity.com
