[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    SquirrelMail Cross Scripting Attacks....
From:       Alvin Alex <alvin_gboy () hotmail ! com>
Date:       2004-04-29 21:09:06
Message-ID: 20040429210906.31136.qmail () www ! securityfocus ! com
[Download RAW message or body]



SquirrelMail latest version (although is tested on version 1.4.2) is prone to many \
cross scripting attacks that can be used to steal user cookies.The Exploit lies in \
the way squirrel mail represents the folder names and shows them.To make the matters \
worse.No extra unique variable added to the url for each user therefore it is easy \
for the attacker to just pass the url in mail and steal the session cookie.

Some of the exploit are at :

http://victim.com/mail/src/compose.php?mailbox=INBOX

which can be replaced as follows

http://victim.com/mail/src/compose.php?mailbox=">&lt;script&gt;malacious \
script&lt;/script&gt;

Example:

http://victim.com/mail/src/compose.php?mailbox=">&lt;script&gt;window.alert(document.cookie)&lt;/script&gt;


-------------------------------------------------------------------------

Squirrel Mail Coders have been informed of this vulnerability but the vulnerability \
still exists in their latest version.

-------------------------------------------------------------------------

Please Let me know if i am wrong anywhere...

Regards,
Alvin


[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic