1st Class Mail Server general.tagz XSS

2004-04-08T05:49:02
ID OSVDB:5015
Type osvdb
Reporter Dr_insane(dr_insane@pathfinder.gr)
Modified 2004-04-08T05:49:02

Description

Vulnerability Description

1st Class Mail Server contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the Mailbox variable upon submission to the general.tagz script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

1st Class Mail Server contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the Mailbox variable upon submission to the general.tagz script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[victim]/AUTH=[some_value]/user/general.tagz?Site=www.hack.gr&Mailbox=[html_code]

References:

Vendor URL: http://www.1cis.com/ Security Tracker: 1009705 Secunia Advisory ID:11330 Related OSVDB ID: 5014 Related OSVDB ID: 5013 Related OSVDB ID: 5011 Related OSVDB ID: 5016 Related OSVDB ID: 5012 Related OSVDB ID: 5017 Other Advisory URL: http://members.lycos.co.uk/r34ct/main/1st%20Class%20mail%20server%204.01.txt ISS X-Force ID: 15815 CVE-2004-2447 Bugtraq ID: 10089