Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: CommuniGate Pro web mail persistent cross-site scripting vulnerability



> -----Original Message-----
> From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx [mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of Alla Bezroutchko
> Sent: Sunday, May 13, 2007 1:00 AM
> To: full-disclosure@xxxxxxxxxxxxxxxxx
> Subject: [Full-disclosure] CommuniGate Pro web mail persistent cross-site scripting vulnerability
> 
> 1) Summary
> 
> Affected software: Stalker CommuniGate Pro version 5.1.8 and below
> Vendor URL:        www.stalker.com
> Severity:          Medium
> 
> 2) Vulnerability Description
> 
> CommuniGate Pro is a communication server supporting a large number of
> protocols. It includes a web mail system. The web mail system suffers
> from a persistent cross-site scripting vulnerability. The web mail
> application fails to sanitize incoming HTML emails properly. An attacker
> can send a specially crafted email message to a user of CommuniGate Pro.
> When the user views the attacker's message using the web mail client and
> Internet Explorer, the JavaScript embedded into the attacker's message gets
> executed. The attacker can use JavaScript code to perform any actions
> in the web mail on behalf of the user, for example change settings,
> steal messages, etc.
> 
> 3) Verification
> 
> Send an HTML email message containing the following code and view it
> with Internet Explorer using the CommuniGate Pro web mail client:
> 
> <STYLE>@im\port'\ja\vasc\ript:alert("XSS in message body (style using import)")';</STYLE>
> 
> 4) Solution
> 
> Upgrade to CommuniGate Pro version 5.1.9.
> 
> 5) Time Table
> 
> 2005/11/18 Vendor was informed
> 2005/11/19 Vendor replied saying that they will investigate the report
> 2007/04/30 Vendor was notified again
> 2007/05/12 Vendor releases fixed version
> 2007/05/12 Scanit publishes advisory
> 
> 6) Additional Information
> 
>     * The original advisory can be found here: http://www.scanit.be/advisory-2007-05-12.html
>     * An automatic tool for checking for cross-site scripting problems
>       in web mail systems can be downloaded here: http://www.scanit.be/excess.html
>     * Special thanks to RSnake for his XSS cheatsheet (http://ha.ckers.org/xss.html)
> 
> 
> 7) About Scanit
> 
> Scanit is a security company located in Brussels, Belgium. We specialise
> in security assessments, offering services such as penetration tests,
> application source code reviews, and risk assessments. More information
> can be found at http://www.scanit.be/
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
> 
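An added example, not part of the advisory and not CommuniGate Pro code: the verification string above hides `@import` and `javascript:` behind CSS backslash escapes, so a filter that matches keywords on the raw markup sees nothing, while the same check run after resolving the escapes flags both. The function names and the policy of refusing these two constructs in mail CSS are assumptions of this sketch, and it covers `<style>` elements only.

```python
import re

# CSS escape: backslash + 1-6 hex digits (and one optional whitespace),
# or backslash + any other character, which then stands for itself.
_CSS_ESCAPE = re.compile(r"\\(?:([0-9a-fA-F]{1,6})[ \t\r\n\f]?|(.))", re.S)
_CSS_COMMENT = re.compile(r"/\*.*?\*/", re.S)
_STYLE_BLOCK = re.compile(r"<style\b[^>]*>(.*?)(?:</style\s*>|\Z)", re.I | re.S)
# Assumed policy for this sketch: neither construct is allowed in mail CSS.
_BLOCKED = {"@import": re.compile(r"@import"),
            "javascript:": re.compile(r"javascript\s*:")}

# The verification string from the advisory, joined onto one line.
ADVISORY_SAMPLE = r'''<STYLE>@im\port'\ja\vasc\ript:alert("XSS in message body (style using import)")';</STYLE>'''


def naive_filter_hits(html):
    """Substring blacklist on the raw markup: what an escape-unaware filter sees."""
    low = html.lower()
    return [s for s in ("@import", "javascript:") if s in low]


def css_unescape(css):
    """Resolve CSS backslash escapes so keywords appear in canonical form."""
    def repl(m):
        if m.group(1):
            cp = int(m.group(1), 16)
            valid = 0 < cp <= 0x10FFFF and not 0xD800 <= cp <= 0xDFFF
            return chr(cp) if valid else "\ufffd"
        # Backslash before a line break is a continuation and yields nothing.
        return "" if m.group(2) in "\r\n\f" else m.group(2)
    return _CSS_ESCAPE.sub(repl, css)


def risky_css_constructs(html):
    """Return the blocked constructs found in <style> blocks after normalisation."""
    found = set()
    for block in _STYLE_BLOCK.finditer(html):
        css = _CSS_COMMENT.sub("", css_unescape(block.group(1))).lower()
        found.update(name for name, rx in _BLOCKED.items() if rx.search(css))
    return sorted(found)


if __name__ == "__main__":
    print("naive:     ", naive_filter_hits(ADVISORY_SAMPLE))
    print("normalised:", risky_css_constructs(ADVISORY_SAMPLE))
```

Matching on normalised text is a detection check, not a sanitizer; a web mail renderer is safer dropping `<style>` content outright or passing it through an allow-list CSS parser.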



 




Copyright © Lexa Software, 1996-2009.