RE: Mailman: cross-site scripting bug

Hmm...

https://workserver//mailman/options/ak3barons?language=<SCRIPT>alert('Can%20Cross%20Site%20Attack')</SCRIPT>

returns:

<h2>Error</h2><strong>Invalid options to CGI script.</strong>

2.0.11 doesn't seem to be vulnerable to this.

(although it's got some other issues, but nothing serious for an
internal site..)

> -----Original Message-----
> From: webmaster@procheckup.com [mailto:webmaster@procheckup.com]
> Sent: Friday, January 24, 2003 5:35 AM
> To: bugtraq@securityfocus.com
> Subject: Mailman: cross-site scripting bug
> 
> 
> 
> 
> Product: Mailman
> Affected Version: 2.1 (no other version has been tested)
> Vendor's URL: http://www.gnu.org/software/mailman/
> Solution: TBC
> Author: Manuel Rodriguez
> 
> Introduction:
> ------------
> Mailman is software to help manage electronic mail discussion lists, much
> like Majordomo or Smartmail. And Mailman has web interface systems.
> 
> 
> Example:
> -----------------
> This is a simple example for version 2.1:
> 
> 1) With mailman options the email variable is vulnerable to cross-site
> scripting.
> 
> You can recognise the vulnerabilities with this type of URL:
> 
> https://www.yourserver.com:443/mailman/options/yourlist?language=en&email=&lt;SCRIPT&gt;alert('Can%20Cross%20Site%20Attack')&lt;/SCRIPT&gt;
>
> and that proves that any (malicious) script code is possible on the web
> interface part of Mailman.
> 
> 2) The default error page mailman generates does not adequately filter its
> input making it susceptible to cross-site scripting.
>
> https://www.yourserver.com:443//mailman/options/yourlist?language=&lt;SCRIPT&gt;alert('Can%20Cross%20Site%20Attack')&lt;/SCRIPT&gt;
> 

Attachment: smime.p7s
Description: application/pkcs7-signature
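
Added example, not part of either message above and not Mailman's own code: a minimal sketch of the flaw class the advisory describes (a request parameter reflected into the options form or error page without output encoding) next to the encoded form. The handler `render_options`, the language set, the error wording and the host name are assumptions made for illustration; the test string is the one quoted in the thread.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Assumption: the languages this hypothetical list is configured for.
SUPPORTED_LANGUAGES = {"en", "es", "de"}

# Constructed sample input: placeholder host plus the string from the thread.
BASE = "https://lists.example.invalid/mailman/options/yourlist"
MARKER = "<SCRIPT>alert('Can%20Cross%20Site%20Attack')</SCRIPT>"


def render_options(url, escape=True):
    """Hypothetical handler for /mailman/options/<list>?language=..&email=..

    escape=False reproduces the reported behaviour (value echoed verbatim);
    escape=True HTML-encodes every reflected value before it reaches the page.
    """
    if escape:
        esc = lambda s: html.escape(s, quote=True)  # encodes < > & " '
    else:
        esc = lambda s: s
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    language = query.get("language", ["en"])[0]
    email = query.get("email", [""])[0]
    if language not in SUPPORTED_LANGUAGES:
        # Case 2 in the advisory: the error page echoes the rejected value.
        return "<h2>Error</h2><strong>Unknown language: %s</strong>" % esc(language)
    # Case 1 in the advisory: the email value is echoed into the form.
    return '<form><input type="text" name="email" value="%s"></form>' % esc(email)


def reflects_raw_tag(page):
    """True if the response carries an unencoded SCRIPT tag."""
    return "<script" in page.lower()


if __name__ == "__main__":
    for qs in ("?language=" + MARKER, "?language=en&email=" + MARKER):
        for escape in (False, True):
            page = render_options(BASE + qs, escape=escape)
            print("escape=%-5s raw_tag=%-5s %s" % (escape, reflects_raw_tag(page), page))
```

The same `reflects_raw_tag` check can be run against a response captured from an internal test instance to confirm whether a given version encodes the `language` and `email` values.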

