Open WebMail Error Message Session ID XSS

2005-09-03T13:44:40
ID OSVDB:19225
Type osvdb
Reporter s3cure(s3cure@poczta.fm)
Modified 2005-09-03T13:44:40

Description

Vulnerability Description

Open WebMail contains a flaw that allows a remote cross-site scripting (XSS) attack. The flaw exists because the application does not validate the 'sessionid' variable when it is submitted to multiple scripts. An attacker could create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[target]/cgi-bin/openwebmail/openwebmail-main.pl?sessionid=yourlogin*-session-here xss&action=listmessages_afterlogin

/openwebmail-send.pl?sessionid=[XSS]
/openwebmail-advsearch.pl?sessionid=[XSS]
/openwebmail-folder.pl?action=editfolders&sessionid=[XSS]
/openwebmail-prefs.pl?action=editprefs&sessionid=[XSS]
/openwebmail-abook.pl?sessionid=[XSS]
/openwebmail-main.pl?sessionid=[XSS]
/openwebmail-read.pl?sessionid=[XSS]
/openwebmail-cal.pl?sessionid=[XSS]
/openwebmail-webdisk.pl?action=showdir&sessionid=[XSS]
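Added example, not part of the original advisory or of Open WebMail's code: since no fix is listed, one defensive check is to scan web server access logs for requests to the scripts above whose sessionid parameter carries HTML metacharacters. The Apache-style log format, the metacharacter set, and the sample log lines (including the session ID shape) are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script names taken from the advisory's list of affected endpoints.
AFFECTED = {"openwebmail-%s.pl" % n for n in (
    "send", "advsearch", "folder", "prefs", "abook",
    "main", "read", "cal", "webdisk")}

# Assumption: a legitimate session ID never contains HTML metacharacters.
HTML_META = re.compile("[<>\"'`]")

# Assumption: Apache common/combined log format request field.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

SAMPLE_LOG = [  # constructed sample lines, not real traffic
    '192.0.2.10 - - [03/Sep/2005:13:40:01 +0000] "GET /cgi-bin/openwebmail/openwebmail-main.pl?sessionid=alice*-session-0.1234&action=listmessages_afterlogin HTTP/1.1" 200 5120',
    '192.0.2.77 - - [03/Sep/2005:13:41:12 +0000] "GET /cgi-bin/openwebmail/openwebmail-prefs.pl?action=editprefs&sessionid=%22%3E%3Cscript%3E HTTP/1.1" 200 812',
    '192.0.2.77 - - [03/Sep/2005:13:41:30 +0000] "GET /index.html?sessionid=%3Cb%3E HTTP/1.1" 404 210',
]

def suspicious_sessionid(request_target):
    """Return the decoded sessionid if an affected script receives one
    containing HTML metacharacters, otherwise None."""
    parts = urlsplit(request_target)
    script = parts.path.rsplit("/", 1)[-1]
    if script not in AFFECTED:
        return None
    # parse_qs percent-decodes each value once, as the CGI layer would.
    for value in parse_qs(parts.query, keep_blank_values=True).get("sessionid", []):
        if HTML_META.search(value):
            return value
    return None

def scan(log_lines):
    """Return (line_number, decoded_sessionid) for every flagged request."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        value = suspicious_sessionid(m.group(1))
        if value is not None:
            hits.append((n, value))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

This only sees the query string recorded in the access log; a sessionid submitted in a POST body does not appear there.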

References:

Vendor URL: http://www.openwebmail.org/
Secunia Advisory ID: 16734
Other Advisory URL: http://pridels.blogspot.com/2006/04/open-webmail-251-xss-vuln.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0034.html
Mail List Post: http://attrition.org/pipermail/vim/2006-May/000746.html
ISS X-Force ID: 22202
CVE-2006-2190
CVE-2005-2863
Bugtraq ID: 14771