NetWin Surgemail XSS vulnerability

2011.01.11
Credit: kerem
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


Ogólna skala CVSS: 4.3/10
Znaczenie: 2.9/10
Łatwość wykorzystania: 8.6/10
Wymagany dostęp: Zdalny
Złożoność ataku: Średnia
Autoryzacja: Nie wymagana
Wpływ na poufność: Brak
Wpływ na integralność: Częściowy
Wpływ na dostępność: Brak

Application NetWin Surgemail 4.3e Vendor NetWin - http://netwinsite.com Discovered by Kerem Kocaer <kerem.kocaer (at) bitsec (dot) se [email concealed]> Problem ------- Cross-site scripting (XSS) vulnerability in the Surgemail webmail login page (/surgemail) allows remote attackers to inject arbitrary web script or HTML. Input passed to the "username_ex" parameter is not properly sanitised before being returned to the user, therefore enabling the execution of arbitrary script code in a user's browser session, which can lead to cookie theft and session hijacking. The vulnerability is confirmed to exist in version 4.3e (latest version at the date of vulnerability discovery). Previous versions may also be vulnerable. Exploit ------- http://[address]/surgeweb?username_ex="/><scri<script>alert(document.coo kie);</script><input type="hidden (tested on Firefox) Fix --- The vendor has reported fixing the problem in version 4.3g. Timeline -------- 2010-05-13 Notified NetWin (ChrisP.) 2010-05-13 Received response from NetWin 2010-05-13 Provided details to NetWin 2010-05-26 Surgemail patched Reference --------- CVE Number: CVE-2010-3201

Referencje:

http://www.securityfocus.com/bid/43679
http://www.securityfocus.com/archive/1/archive/1/514115/100/0/threaded
http://secunia.com/advisories/41685
http://ictsec.se/?p=108


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top