Kmail main.php Multiple Variable XSS

2006-04-28T05:02:37
ID OSVDB:25061
Type osvdb
Reporter r0t(krustevs@googlemail.com)
Modified 2006-04-28T05:02:37

Description

Vulnerability Description

Kmail contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'id' and 'ordner' variables upon submission to the main.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Kmail contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'id' and 'ordner' variables upon submission to the main.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

/main.php?action=showmail&id=[XSS]&bmsession=b77f6a49569a0e6e2d35a8c14cd3ace2

/main.php?ordner=[XSS]&bmsession=1f2a3aeb01fd5253be322a704e53469f

References:

Vendor URL: http://www.webofall.com/displaynews.php?id=4 Secunia Advisory ID:19755 Related OSVDB ID: 25064 Related OSVDB ID: 25062 Related OSVDB ID: 25063 Related OSVDB ID: 25065 Other Advisory URL: http://pridels.blogspot.com/2006/04/kmail-23-vuln.html FrSIRT Advisory: ADV-2006-1564 CVE-2006-2104