[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: SquirrelMail Cross Scripting Attacks....
From: Alvin Alex <alvin_gboy () hotmail ! com>
Date: 2004-04-29 21:09:06
Message-ID: 20040429210906.31136.qmail () www ! securityfocus ! com
[Download RAW message or body]
SquirrelMail latest version (although is tested on version 1.4.2) is prone to many \
cross scripting attacks that can be used to steal user cookies.The Exploit lies in \
the way squirrel mail represents the folder names and shows them.To make the matters \
worse.No extra unique variable added to the url for each user therefore it is easy \
for the attacker to just pass the url in mail and steal the session cookie.
Some of the exploit are at :
http://victim.com/mail/src/compose.php?mailbox=INBOX
which can be replaced as follows
http://victim.com/mail/src/compose.php?mailbox="><script>malacious \
script</script>
Example:
http://victim.com/mail/src/compose.php?mailbox="><script>window.alert(document.cookie)</script>
-------------------------------------------------------------------------
Squirrel Mail Coders have been informed of this vulnerability but the vulnerability \
still exists in their latest version.
-------------------------------------------------------------------------
Please Let me know if i am wrong anywhere...
Regards,
Alvin
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic