看板 Bugtraq 關於我們 聯絡資訊
發信人jan@horde.org (Jan Schneider),
看板Bugtraq
標 題Re: Horde Webmail Multiple HTML Injection vulnerability
發信站NCTU CSIE FreeBSD Server (Wed Mar 28 07:29:04 2007)
轉信站ptt!FreeBSD.csie.NCTU!not-for-mail
This is lame. Cpanel doesn't use Horde Groupware Webmail Edition. The Cpanel demo server has an old version of Horde installed. The search.php issues has been fixed in a release already and reported =20 earlier, even on this list. Re rule.php: what kind of XSS is that supposed to be, where the victim =20 has to enter the offending code himself? Try entering =20 "javascript:alert('XSS')" in your browser location field: i hacked you! Do at least your basic homework if you want to be taken seriously. Good luck. Zitat von DoZ@HackersCenter.com: > Horde Webmail Multiple HTML Injection vulnerability > > Horde Groupware Webmail Edition is a free, enterprise ready, browser =20 > based communication suite. Users can read, send and organize email =20 > messages and manage and share calendars, contacts, tasks and notes =20 > with the standards compliant components from the Horde Project. > An attacker may leverage this issue to have arbitrary script code =20 > execute in the browser of an unsuspecting user in the context of the =20 > affected site. This may help the attacker steal cookie-based =20 > authentication credentials and launch other attacks. A successful =20 > exploit could allow an attacker to compromise the application, =20 > access or modify data, or exploit vulnerabilities in the underlying =20 > database implementation. Some XSS attacks can deface the =20 > Application, as shown in the proff of concept. > > > > Hackers Center Security Group (http://www.hackerscenter.com) > Credit: Doz > > > Remote: No > Local: Yes > Class: Input Validation Error > > > Application: Horde Webmail > Vendor: http://www.horde.org/ > Version: 1.0 > > > Exploit is not needed, Attackers can exploit these issues via a web client= .. > > > Vulnerable Files: search.php - rule.php > > > /horde/imp/search.php > > /horde/ingo/rule.php > > > Live Proff of Concept: (3/22/2007) > > http://demo.cpanel.net:2095/horde/index.php > > User: Demo > Pass: Demo > > * Go to mail than Expand and Select Filters! > > > Pics Proff of Concept: > > - http://www.uploadimage.info/images/8943pic1.JPG
> - http://www.uploadimage.info/images/78230pic2.JPG
> > > Security researcher? Join us: mail Zinho at zinho at hackerscenter.com > Jan. --=20 Do you need professional PHP or Horde consulting? http://horde.org/consulting/