ID PACKETSTORM:121871 Type packetstorm Reporter Manuel Garcia Cardenas Modified 2013-06-04T00:00:00
Description
=============================================
INTERNET SECURITY AUDITORS ALERT 2013-009
- Original release date: March 15th, 2013
- Last revised: June 4th, 2013
- Discovered by: Manuel Garcia Cardenas
- Severity: 4,8/10 (CVSS Base Score)
- CVE-ID: CVE-2013-2621,
CVE-2013-2623,
CVE-2013-2624
=============================================
I. VULNERABILITY
-------------------------
Multiple Vulnerabilities in Telaen <= 1.3.0
II. BACKGROUND
-------------------------
Telaen is a webmail reader application supporting both the IMAP and POP3
protocols. It can be installed without depending on any extra PHP
modules or a separate database. It is open source software published
under the GNU General Public License (GPL).
The latest version of Telaen is 1.3.0, released in January 2012.
III. DESCRIPTION
-------------------------
Telaen 1.3.0 and lower versions contain a flaw that allows a remote
redirection attack. This flaw exists because the application does not
properly validate the input handled by the file "redir.php". This
allows an attacker to create a specially crafted URL that, if clicked,
would redirect a victim from the intended legitimate web site to an
arbitrary web site of the attacker's choice.
Additionally, a reflected XSS vulnerability has been detected in
Telaen 1.3.0 and lower versions that allows arbitrary HTML/JavaScript
code to be executed in the context of the victim user's browser. The
code is injected through the parameter "f_email" of the page
index.php.
Because of error messages produced by the application, Telaen 1.3.0
and lower versions disclose the full installation path of the web
application.
IV. PROOF OF CONCEPT
-------------------------
REDIRECT:
http://vulnerablesite.com/telaen/redir.php?http://www.malicious-site.com
XSS:
http://vulnerablesite.com/telaen/index.php?tid=default&lid=en_UK&f_email="><script>alert("XSS")</script>
FULL PATH DISCLOSURE: http://vulnerablesite.com/telaen/inc/init.php
V. BUSINESS IMPACT
-------------------------
REDIRECT: An attacker can redirect any user to any malicious website.
The vulnerable URL is given in section IV.
XSS: An attacker can execute arbitrary HTML or JavaScript code in a
targeted user's browser, which can be leveraged to steal sensitive
information such as user credentials, personal data, etc.
FULL PATH DISCLOSURE: An attacker can obtain the full path to the
application, and if the web root is leaked, attackers may abuse that
knowledge in combination with file inclusion vulnerabilities to steal
configuration files of the web application or of the rest of the
operating system.
VI. SYSTEMS AFFECTED
-------------------------
Versions of Telaen < v1.3.1.
VII. SOLUTION
-------------------------
REDIRECT AND XSS: All data received by the application that can be
modified by the user must be validated before any kind of transaction
is performed with it.
FULL PATH DISCLOSURE: Turn off error display in the configuration and
use a single uniform error page.
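The solution above says only that user-modifiable data must be validated and that error display must be turned off. As an added example (not Telaen's own code and not part of the advisory), the following PHP shows one way to implement the fixes for the three issues described in sections III and VII: an allow-list check for the redir.php target, output encoding for the reflected f_email value, and PHP error handling that keeps the installation path out of responses. The host name, the allow-list, the function names, and the assumption that f_email is reflected inside an input attribute are illustrative assumptions, not details taken from Telaen.

```php
<?php
// Added example, not Telaen's own code: one way to apply the advisory's fixes.
// Assumed: the application knows its own host ($ownHost) and keeps an
// allow-list of hosts it may legitimately redirect to ($allowedHosts).
declare(strict_types=1);

// Full path disclosure: keep PHP errors out of responses, log them instead,
// and route every failure to a single generic error page.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
error_reporting(E_ALL);
set_exception_handler(function (Throwable $e): void {
    error_log($e->getMessage());           // detail goes to the log only
    http_response_code(500);
    echo 'An internal error occurred.';    // same page for every failure
});

/**
 * Open redirect: validate the target before issuing a Location header.
 * Returns an absolute URL that is safe to redirect to, or null to refuse.
 */
function safe_redirect_target(string $raw, string $ownHost, array $allowedHosts): ?string
{
    $raw = trim($raw);
    // CR, LF and other control characters could split the Location header.
    if ($raw === '' || preg_match('/[\x00-\x1f\x7f]/', $raw)) {
        return null;
    }
    // Scheme-relative URLs ("//evil.example") and backslashes are refused outright.
    if (substr($raw, 0, 2) === '//' || strpos($raw, '\\') !== false) {
        return null;
    }
    $parts = parse_url($raw);
    if ($parts === false) {
        return null;
    }
    // A relative path stays on our own site; require a leading "/".
    if (!isset($parts['scheme']) && !isset($parts['host'])) {
        $path = $parts['path'] ?? '';
        if ($path === '' || $path[0] !== '/') {
            return null;
        }
        $query = isset($parts['query']) ? '?' . $parts['query'] : '';
        return 'https://' . $ownHost . $path . $query;
    }
    // An absolute URL must be http(s) and its host must be on the allow-list
    // (exact match, so "ownhost.evil.test" or "ownhost@evil.test" are refused).
    $scheme  = strtolower($parts['scheme'] ?? '');
    $host    = strtolower($parts['host'] ?? '');
    $allowed = array_map('strtolower', array_merge([$ownHost], $allowedHosts));
    if (!in_array($scheme, ['http', 'https'], true) || !in_array($host, $allowed, true)) {
        return null;
    }
    return $raw;
}

/** Reflected XSS: encode every user-supplied value before it reaches HTML. */
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE, 'UTF-8');
}

/** The login form field that reflects f_email (assumed to be an <input> attribute). */
function render_email_input(string $fEmail): string
{
    return '<input type="text" name="f_email" value="' . html_escape($fEmail) . '">';
}

// --- Command-line demo using the inputs from the proof of concept (section IV) ---
$ownHost      = 'vulnerablesite.com';   // placeholder host taken from the PoC URLs
$allowedHosts = ['www.telaen.com'];     // hypothetical allow-list

foreach (['http://www.malicious-site.com', '//www.malicious-site.com',
          'javascript:alert(1)', '/telaen/index.php?tid=default'] as $candidate) {
    $target = safe_redirect_target($candidate, $ownHost, $allowedHosts);
    printf("%-40s -> %s\n", $candidate, $target ?? 'refused');
}
echo render_email_input('"><script>alert("XSS")</script>'), "\n";

// In redir.php itself, where the PoC passes the target as the whole query string:
// $target = safe_redirect_target($_SERVER['QUERY_STRING'] ?? '', $ownHost, $allowedHosts);
// if ($target === null) { http_response_code(400); exit('Invalid redirect target.'); }
// header('Location: ' . $target, true, 302);
```

Run it with `php example.php`: the external, scheme-relative and javascript: targets are refused, the relative path is rewritten to an absolute URL on the site's own host, and the f_email payload is rendered as inert attribute text. The allow-list is an exact host comparison rather than a prefix or substring check, which is what defeats the usual bypasses for open-redirect filters.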
VIII. REFERENCES
-------------------------
http://www.telaen.com
http://www.isecauditors.com
IX. CREDITS
-------------------------
These vulnerabilities were discovered
by Manuel Garcia Cardenas (mgarcia (at) isecauditors (dot) com).
X. REVISION HISTORY
------------------------
March 15, 2013: Initial release.
June 4, 2013: Last revision.
XI. DISCLOSURE TIMELINE
-------------------------
March 15, 2013: Vulnerability acquired by
Internet Security Auditors (www.isecauditors.com)
March 20, 2013: Sent to the development team.
March 28, 2013: New version scheduled.
April 4, 2013: New version published.
June 3, 2013: Advisory sent to lists.
XII. LEGAL NOTICES
-------------------------
The information contained within this advisory is supplied "as-is"
with no warranties or guarantees of fitness of use or otherwise.
Internet Security Auditors accepts no responsibility for any damage
caused by the use or misuse of this information.
XIII. ABOUT
-------------------------
Internet Security Auditors is a Spain-based leader in web application
testing, network security, penetration testing, and security compliance
implementation and assessment. Our clients include some of the largest
companies in areas such as finance, telecommunications, insurance,
ITC, etc. We are a vendor-independent provider with deep expertise
since 2001. Our R&D efforts include vulnerability research, open
security project collaboration, whitepapers, presentations, and
participation in and promotion of security events. For further
information regarding our security services, contact us.
XIV. FOLLOW US
-------------------------
You can follow Internet Security Auditors, news and security
advisories at:
https://www.facebook.com/ISecAuditors
https://twitter.com/ISecAuditors
http://www.linkedin.com/company/internet-security-auditors
http://www.youtube.com/user/ISecAuditors
RECORD METADATA (PACKETSTORM:121871)
-------------------------
Title: Telaen 1.3.0 XSS / Open Redirection / Disclosure
Bulletin family: exploit
Published / modified: 2013-06-04
CVSS: 4.4 (AV:NETWORK/AC:LOW/Au:UNKNOWN/C:PARTIAL/I:NONE/A:NONE/); Vulners score: 4.9
CVE list: CVE-2013-2621, CVE-2013-2623, CVE-2013-2624
Page: https://packetstormsecurity.com/files/121871/Telaen-1.3.0-XSS-Open-Redirection-Disclosure.html
Raw advisory: https://packetstormsecurity.com/files/download/121871/telaen-xssdiscloseredir.txt
Related records: CVE-2013-2621, CVE-2013-2623, CVE-2013-2624;
OPENVAS:1361412562310803646; SECURITYVULNS:DOC:29599, SECURITYVULNS:VULN:13172,
SECURITYVULNS:DOC:29941, SECURITYVULNS:VULN:13366; PACKETSTORM:123557;
1337DAY-ID-21365; EDB-ID:38545, EDB-ID:38546, EDB-ID:38548
{"cve": [{"lastseen": "2021-02-02T06:06:52", "description": "Cross-site Scripting (XSS) in Telaen before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the \"f_email\" parameter in index.php.", "edition": 7, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2020-02-03T15:15:00", "title": "CVE-2013-2623", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2623"], "modified": "2020-02-04T15:26:00", "cpe": [], "id": "CVE-2013-2623", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2623", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": []}, {"lastseen": "2021-02-02T06:06:52", "description": "Telean before 1.3.1 contains a full path disclosure vulnerability which could allow remote attackers to obtain sensitive information through a specially crafted URL request.", "edition": 8, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": 
"NONE", "baseScore": 5.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 1.4}, "published": "2020-02-03T15:15:00", "title": "CVE-2013-2624", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2624"], "modified": "2020-02-04T15:29:00", "id": "CVE-2013-2624", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2624", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-02-02T06:06:52", "description": "Open Redirection Vulnerability in the redir.php script in Telaen before 1.3.1 allows remote attackers to redirect victims to arbitrary websites via a crafted URL.", "edition": 7, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2020-02-03T15:15:00", "title": "CVE-2013-2621", "type": "cve", "cwe": ["CWE-601"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", 
"confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2621"], "modified": "2020-02-04T17:02:00", "cpe": [], "id": "CVE-2013-2621", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2621", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}, "cpe23": []}], "openvas": [{"lastseen": "2020-05-08T19:06:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2624", "CVE-2013-2621", "CVE-2013-2623"], "description": "This host is running Telaen and is prone to multiple vulnerabilities.", "modified": "2020-05-06T00:00:00", "published": "2013-06-10T00:00:00", "id": "OPENVAS:1361412562310803646", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803646", "type": "openvas", "title": "Telaen Multiple Vulnerabilities", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Telaen Multiple Vulnerabilities\n#\n# Authors:\n# Arun Kallavi <karun@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803646\");\n script_version(\"2020-05-06T07:10:15+0000\");\n script_cve_id(\"CVE-2013-2621\", \"CVE-2013-2623\", \"CVE-2013-2624\");\n script_bugtraq_id(60290, 60288, 60340);\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-05-06 07:10:15 +0000 (Wed, 06 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-06-10 16:45:05 +0530 (Mon, 10 Jun 2013)\");\n script_name(\"Telaen Multiple Vulnerabilities\");\n\n script_xref(name:\"URL\", value:\"http://seclists.org/bugtraq/2013/Jun/12\");\n script_xref(name:\"URL\", value:\"http://exploitsdownload.com/exploit/na/telaen-130-xss-open-redirection-disclosure\");\n script_category(ACT_ATTACK);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"find_service.nasl\", \"no404.nasl\", \"webmirror.nasl\", \"DDI_Directory_Scanner.nasl\", \"global_settings.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to perform open redirection,\n obtain sensitive information and execute arbitrary code in a user's browser\n session in context of an affected site.\");\n\n script_tag(name:\"affected\", value:\"Telaen version 1.3.0 and prior\");\n\n script_tag(name:\"insight\", value:\"The flaws are due to,\n\n - Improper validation of input passed to 'f_email' parameter upon 
submission\n to the '/telaen/index.php' script.\n\n - Improper validation of user-supplied input upon submission to the\n '/telaen/redir.php' script.\n\n - Issue when requested for the '/telaen/inc/init.php' script.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Telaen version 1.3.1 or later.\");\n\n script_tag(name:\"summary\", value:\"This host is running Telaen and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_app\");\n script_xref(name:\"URL\", value:\"http://www.telaen.com\");\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"http_keepalive.inc\");\n\nPort = http_get_port(default:80);\n\nif(!http_can_host_php(port:Port)){\n exit(0);\n}\n\nforeach dir (make_list_unique(\"/\", \"/telaen\", \"/webmail\", http_cgi_dirs(port:Port)))\n{\n if(dir == \"/\") dir = \"\";\n\n res = http_get_cache(item:string(dir, \"/index.php\"), port:Port);\n\n if('>Powered by Telaen' >< res && 'login' >< res)\n {\n\n host = http_host_name(port:Port);\n req = http_get(item:string(dir, \"/redir.php?http://\", host, \"/telaen/index.php\"), port:Port);\n res = http_keepalive_send_recv(port:Port, data:req, bodyonly:FALSE);\n\n if(res && res =~ \"^HTTP/1\\.[01] 200\")\n {\n matched= eregmatch(string:res, pattern:\">http://[0-9.]+(.*)</a>\");\n if(matched[1])\n {\n url = dir + matched[1];\n req = http_get(item:url, port:Port);\n res = http_keepalive_send_recv(port:Port, data:req);\n\n if('>Powered by Telaen' >< res && 'login' >< res){\n security_message(port:Port);\n exit(0);\n }\n }\n }\n }\n}\n\nexit(99);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:48", "bulletinFamily": "software", "cvelist": ["CVE-2013-2624", "CVE-2013-2621", "CVE-2013-2623"], "description": "\r\n\r\n=============================================\r\nINTERNET SECURITY AUDITORS ALERT 2013-009\r\n- 
Original release date: March 15th, 2013\r\n- Last revised: June 4th, 2013\r\n- Discovered by: Manuel Garcia Cardenas\r\n- Severity: 4,8/10 (CVSS Base Score)\r\n- CVE-ID: CVE-2013-2621,\r\n CVE-2013-2623,\r\n CVE-2013-2624\r\n=============================================\r\n\r\nI. VULNERABILITY\r\n-------------------------\r\nMultiple Vulnerabilities in Telaen <= 1.3.0\r\n\r\nII. BACKGROUND\r\n-------------------------\r\nTelaen is a webmail reader application supporting both IMAP and POP3\r\nprotocols. It can be installed without dependence of any PHP's extra\r\nmodules or a separate database. It is Open source software published\r\nunder GNU General Public License (GPL).\r\n\r\nThe last version of Telaen is 1.3.0 released on January 2012.\r\n\r\nIII. DESCRIPTION\r\n-------------------------\r\nTelaen 1.3.0 and lower versions contain a flaw that allows a remote\r\nredirection attack. This flaw exists because the application does not\r\nproperly sanitise the file "redir.php". This allows an attacker to\r\ncreate a specially crafted URL, that if clicked, would redirect a\r\nvictim from the intended legitimate web site to an arbitrary web site\r\nof the attacker's choice.\r\n\r\nAditionaly, it has been detected a reflected XSS vulnerability in\r\nTelaen 1.3.0 and lower versions, that allows the execution of\r\narbitrary HTML/JavaScript code to be executed in the context of the\r\nvictim user's browser. The code injection is done through the\r\nparameter "f_email" in the page index.php.\r\n\r\nDue to the errors caused by the application Telaen 1.3.0 and lower\r\nversions, we can display the full webapp installation path.\r\n\r\nIV. PROOF OF CONCEPT\r\n-------------------------\r\nREDIRECT:\r\nhttp://vulnerablesite.com/telaen/redir.php?http://www.malicious-site.com\r\n\r\nXSS:\r\nhttp://vulnerablesite.com/telaen/index.php?tid=default&lid=en_UK&f_email="><script>alert("XSS")</script>\r\n\r\nFULL PATH DISCLOSURE: http://vulnerablesite.com/telaen/inc/init.php\r\n\r\nV. 
BUSINESS IMPACT\r\n-------------------------\r\nREDIRECT: An attacker can redirect any user to any malicious website.\r\nBelow I have mentioned the vulnerable URL.\r\n\r\nXSS: An attacker can execute arbitrary HTML or JavaScript code in a\r\ntargeted user's browser, this can leverage to steal sensitive\r\ninformation as user credentials, personal data, etc.\r\n\r\nFULL PATH DISCLOSURE: An attacker can obtain the full path to the\r\napplitation and if the webroot is getting leaked, attackers may abuse\r\nthe knowledge and use it in combination with file inclusion\r\nvulnerabilites to steal configuration files regarding the web\r\napplication or the rest of the operating system.\r\n\r\nVI. SYSTEMS AFFECTED\r\n-------------------------\r\nVersions of Telaen < v1.3.1.\r\n\r\nVII. SOLUTION\r\n-------------------------\r\nREDIRECT AND XSS: All data received by the application and can be\r\nmodified by the user, before making any kind of transaction with them\r\nmust be validated.\r\n\r\nFULL PATH DISCLOSURE: Turn off display errors in the configuration and\r\nunify the error pages.\r\n\r\nVIII. REFERENCES\r\n-------------------------\r\nhttp://www.telaen.com\r\nhttp://www.isecauditors.com\r\n\r\nIX. CREDITS\r\n-------------------------\r\nThis vulnerability has been discovered\r\nby Manuel Garcia Cardenas (mgarcia (at) isecauditors (dot) com).\r\n\r\nX. REVISION HISTORY\r\n------------------------\r\nMarch 15, 2013: Initial release.\r\nJune 4, 2013: Last release\r\n\r\nXI. DISCLOSURE TIMELINE\r\n-------------------------\r\nMarch 15, 2013: Vulnerability acquired by\r\n Internet Security Auditors (www.isecauditors.com)\r\nMarch 20, 2013: Sent to Devel Team.\r\nMarch 28, 2013: Schedule for new version.\r\nApril 4, 2013: New version published.\r\nJune 3, 2013: Advisory sent to lists.\r\n\r\n\r\nXII. 
LEGAL NOTICES\r\n-------------------------\r\nThe information contained within this advisory is supplied "as-is"\r\nwith no warranties or guarantees of fitness of use or otherwise.\r\nInternet Security Auditors accepts no responsibility for any damage\r\ncaused by the use or misuse of this information.\r\n\r\nXIII. ABOUT\r\n-------------------------\r\nInternet Security Auditors is a Spain based leader in web application\r\ntesting, network security, penetration testing, security compliance\r\nimplementation and assessing. Our clients include some of the largest\r\ncompanies in areas such as finance, telecommunications, insurance,\r\nITC, etc. We are vendor independent provider with a deep expertise\r\nsince 2001. Our efforts in R&D include vulnerability research, open\r\nsecurity project collaboration and whitepapers, presentations and\r\nsecurity events participation and promotion. For further information\r\nregarding our security services, contact us.\r\n\r\nXIV. FOLLOW US\r\n-------------------------\r\nYou can follow Internet Security Auditors, news and security\r\nadvisories at:\r\nhttps://www.facebook.com/ISecAuditors\r\nhttps://twitter.com/ISecAuditors\r\nhttp://www.linkedin.com/company/internet-security-auditors\r\nhttp://www.youtube.com/user/ISecAuditors\r\n", "edition": 1, "modified": "2013-07-15T00:00:00", "published": "2013-07-15T00:00:00", "id": "SECURITYVULNS:DOC:29599", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29599", "title": "[ISecAuditors Security Advisories] Multiple Vulnerabilities in Telaen <= 1.3.0", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-08-31T11:10:49", "bulletinFamily": "software", "cvelist": ["CVE-2013-2622", "CVE-2013-2621", "CVE-2013-2623"], "description": "\r\n\r\n=============================================\r\nINTERNET SECURITY AUDITORS ALERT 2013-008\r\n- Original release date: March 15th, 2013\r\n- Last revised: March 20th, 2013\r\n- Discovered by: Manuel Garcia 
Cardenas\r\n- Severity: 4,8/10 (CVSS Base Score)\r\n- CVE-ID: CVE-2013-2621,\r\n CVE-2013-2622,\r\n CVE-2013-2623\r\n=============================================\r\n\r\nI. VULNERABILITY\r\n-------------------------\r\nMultiple Vulnerabilities in Uebimiau <= 2.7.11\r\n\r\nII. BACKGROUND\r\n-------------------------\r\nUebiMiau is a webmail reader application supporting both IMAP and POP3\r\nprotocols. It can be installed without dependence of any PHP's extra\r\nmodules or a\r\n\r\nseparate database. It is Open source software published under GNU\r\nGeneral Public License (GPL).\r\n\r\nUebiMiau has not been developed since March 2006 and does not work with\r\nPHP 5.3 due to its use of deprecated functions. A new project, which is\r\na forked\r\n\r\nreboot of UebiMiau based on the jimjag patches, named Telaen is an\r\nactively developed drop-in replacement.\r\n\r\nIII. DESCRIPTION\r\n-------------------------\r\nUebimiau 2.7.11 and lower versions contain a flaw that allows a remote\r\nredirection attack. This flaw exists because the application does not\r\nproperly\r\n\r\nsanitise the file "redir.php". This allows an attacker to create a\r\nspecially crafted URL, that if clicked, would redirect a victim from the\r\nintended\r\n\r\nlegitimate web site to an arbitrary web site of the attacker's choice.\r\n\r\nAditionaly, it has been detected a reflected XSS vulnerability in\r\nUebimiau 2.7.11 and lower versions, that allows the execution of\r\narbitrary HTML/JavaScript\r\n\r\ncode to be executed in the context of the victim user's browser. The\r\ncode injection is done through the parameter "f_email" in the page\r\nindex.php and\r\n\r\nparameter "selected_theme" in the page error.php.\r\n\r\nIV. 
PROOF OF CONCEPT\r\n-------------------------\r\nREDIRECT:\r\nhttp://vulnerablesite.com/uebimiau/redir.php?http://www.malicious-site.com\r\n\r\nXSS 1:\r\nhttp://vulnerablesite.com/uebimiau/error.php?f_pass=blackybr&sess[auth]=1&selected_theme="><script>alert("XSS")</script>\r\n\r\nXSS 2:\r\nhttp://vulnerablesite.com/uebimiau/index.php?tid=default&lid=en_UK&f_email="><script>alert("XSS")</script>\r\n\r\nV. BUSINESS IMPACT\r\n-------------------------\r\nREDIRECT: An attacker can redirect any user to any malicious website.\r\nBelow I have mentioned the vulnerable URL.\r\n\r\nXSS: An attacker can execute arbitrary HTML or JavaScript code in a\r\ntargeted user's browser, this can leverage to steal sensitive\r\ninformation as user\r\n\r\ncredentials, personal data, etc.\r\n\r\nVI. SYSTEMS AFFECTED\r\n-------------------------\r\nAll Versions of Uebimiau.\r\n\r\nVII. SOLUTION\r\n-------------------------\r\nREDIRECT AND XSS: All data received by the application and can be\r\nmodified by the user, before making any kind of transaction with them\r\nmust be validated.\r\n\r\nVIII. REFERENCES\r\n-------------------------\r\nhttp://www.uebimiau.org\r\nhttp://www.isecauditors.com\r\n\r\nIX. CREDITS\r\n-------------------------\r\nThis vulnerability has been discovered\r\nby Manuel Garcia Cardenas (mgarcia (at) isecauditors (dot) com).\r\n\r\nX. REVISION HISTORY\r\n------------------------\r\nMarch 15, 2013 1: Initial release\r\n\r\nXI. DISCLOSURE TIMELINE\r\n-------------------------\r\nMarch 15, 2013: Vulnerability acquired by\r\n Internet Security Auditors (www.isecauditors.com)\r\nMarch 20, 2013: Sent to devel Manager.\r\nMarch 21, 2013: Answer. After 4 years of previous version, the\r\ndeveloper\r\n will publish new patched version in 3 days!\r\nSeptember 26, 2013: Ask to devel manager for feedback\r\nOctober 09, 2013: After some months without feedback, we do a\r\nfull-disclosure\r\n\r\nXII. 
LEGAL NOTICES\r\n-------------------------\r\nThe information contained within this advisory is supplied "as-is" with\r\nno warranties or guarantees of fitness of use or otherwise.\r\nInternet Security Auditors accepts no responsibility for any damage\r\ncaused by the use or misuse of this information.\r\n\r\nXIII. ABOUT\r\n-------------------------\r\nInternet Security Auditors is a Spain based leader in web application\r\ntesting, network security, penetration testing, security compliance\r\nimplementation and assessing. Our clients include some of the largest\r\ncompanies in areas such as finance, telecommunications, insurance, ITC,\r\netc. We are\r\n\r\nvendor independent provider with a deep expertise since 2001. Our\r\nefforts in R&D include vulnerability research, open security project\r\ncollaboration and\r\n\r\nwhitepapers, presentations and security events participation and\r\npromotion. For further information regarding our security services,\r\ncontact us.\r\n\r\nXIV. FOLLOW US\r\n-------------------------\r\nYou can follow Internet Security Auditors, news and security advisories at:\r\nhttps://www.facebook.com/ISecAuditors\r\nhttps://twitter.com/ISecAuditors\r\nhttp://www.linkedin.com/company/internet-security-auditors\r\nhttp://www.youtube.com/user/ISecAuditors\r\n\r\n", "edition": 1, "modified": "2013-10-13T00:00:00", "published": "2013-10-13T00:00:00", "id": "SECURITYVULNS:DOC:29941", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29941", "title": "[ISecAuditors Security Advisories] Multiple Vulnerabilities in Uebimiau <= 2.7.11", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-08-31T11:09:52", "bulletinFamily": "software", "cvelist": ["CVE-2013-4621", "CVE-2013-3635", "CVE-2013-3639", "CVE-2013-3514", "CVE-2013-3729", "CVE-2012-6458", "CVE-2013-3551", "CVE-2013-3294", "CVE-2013-3728", "CVE-2013-3295", "CVE-2013-3637", "CVE-2013-2624", "CVE-2013-4088", "CVE-2013-3515", "CVE-2013-3727", 
"CVE-2013-3636", "CVE-2013-1777", "CVE-2013-2621", "CVE-2013-3739", "CVE-2013-2623", "CVE-2013-3638"], "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "edition": 1, "modified": "2013-07-15T00:00:00", "published": "2013-07-15T00:00:00", "id": "SECURITYVULNS:VULN:13172", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13172", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:53", "bulletinFamily": "software", "cvelist": ["CVE-2013-0245", "CVE-2013-2622", "CVE-2013-2651", "CVE-2012-0825", "CVE-2012-0826", "CVE-2013-5978", "CVE-2012-5653", "CVE-2013-5977", "CVE-2012-5651", "CVE-2013-5744", "CVE-2012-5652", "CVE-2013-0244", "CVE-2013-2621", "CVE-2013-2623"], "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "edition": 1, "modified": "2013-10-13T00:00:00", "published": "2013-10-13T00:00:00", "id": "SECURITYVULNS:VULN:13366", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13366", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "packetstorm": [{"lastseen": "2016-12-05T22:17:44", "description": "", "published": "2013-10-09T00:00:00", "type": "packetstorm", "title": "Uebimiau 2.7.11 Cross Site Scripting / Open Redirection", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-2622", "CVE-2013-2621", "CVE-2013-2623"], "modified": "2013-10-09T00:00:00", "id": "PACKETSTORM:123557", "href": "https://packetstormsecurity.com/files/123557/Uebimiau-2.7.11-Cross-Site-Scripting-Open-Redirection.html", "sourceData": "`============================================= \nINTERNET 
SECURITY AUDITORS ALERT 2013-008 \n- Original release date: March 15th, 2013 \n- Last revised: March 20th, 2013 \n- Discovered by: Manuel Garcia Cardenas \n- Severity: 4,8/10 (CVSS Base Score) \n- CVE-ID: CVE-2013-2621, \nCVE-2013-2622, \nCVE-2013-2623 \n============================================= \n \nI. VULNERABILITY \n------------------------- \nMultiple Vulnerabilities in Uebimiau <= 2.7.11 \n \nII. BACKGROUND \n------------------------- \nUebiMiau is a webmail reader application supporting both IMAP and POP3 \nprotocols. It can be installed without depending on any extra PHP \nmodules or a separate database. It is Open source software published under GNU \nGeneral Public License (GPL). \n \nUebiMiau has not been developed since March 2006 and does not work with \nPHP 5.3 due to its use of deprecated functions. A new project named Telaen, \na forked reboot of UebiMiau based on the jimjag patches, is an \nactively developed drop-in replacement. \n \nIII. DESCRIPTION \n------------------------- \nUebimiau 2.7.11 and lower versions contain a flaw that allows a remote \nredirection attack. This flaw exists because the application does not \nproperly sanitise the file \"redir.php\". This allows an attacker to create a \nspecially crafted URL that, if clicked, would redirect a victim from the \nintended legitimate web site to an arbitrary web site of the attacker's choice. \n \nAdditionally, a reflected XSS vulnerability has been detected in \nUebimiau 2.7.11 and lower versions that allows arbitrary HTML/JavaScript \ncode to be executed in the context of the victim user's browser. The \ncode injection is done through the parameter \"f_email\" in the page \nindex.php and the parameter \"selected_theme\" in the page error.php. \n \nIV. 
PROOF OF CONCEPT \n------------------------- \nREDIRECT: \nhttp://vulnerablesite.com/uebimiau/redir.php?http://www.malicious-site.com \n \nXSS 1: \nhttp://vulnerablesite.com/uebimiau/error.php?f_pass=blackybr&sess[auth]=1&selected_theme=\"><script>alert(\"XSS\")</script> \n \nXSS 2: \nhttp://vulnerablesite.com/uebimiau/index.php?tid=default&lid=en_UK&f_email=\"><script>alert(\"XSS\")</script> \n \nV. BUSINESS IMPACT \n------------------------- \nREDIRECT: An attacker can redirect any user to any malicious website. \nBelow I have mentioned the vulnerable URL. \n \nXSS: An attacker can execute arbitrary HTML or JavaScript code in a \ntargeted user's browser; this can be leveraged to steal sensitive \ninformation such as user credentials, personal data, etc. \n \nVI. SYSTEMS AFFECTED \n------------------------- \nAll Versions of Uebimiau. \n \nVII. SOLUTION \n------------------------- \nREDIRECT AND XSS: All data received by the application that can be \nmodified by the user must be validated before any kind of transaction \nis performed with it. \n \nVIII. REFERENCES \n------------------------- \nhttp://www.uebimiau.org \nhttp://www.isecauditors.com \n \nIX. CREDITS \n------------------------- \nThis vulnerability has been discovered \nby Manuel Garcia Cardenas (mgarcia (at) isecauditors (dot) com). \n \nX. REVISION HISTORY \n------------------------ \nMarch 15, 2013 1: Initial release \n \nXI. DISCLOSURE TIMELINE \n------------------------- \nMarch 15, 2013: Vulnerability acquired by \nInternet Security Auditors (www.isecauditors.com) \nMarch 20, 2013: Sent to the development manager. \nMarch 21, 2013: Answer. After 4 years since the previous version, the \ndeveloper will publish a new patched version in 3 days! \nSeptember 26, 2013: Asked the development manager for feedback \nOctober 09, 2013: After some months without feedback, we proceed to \nfull disclosure \n \nXII. 
LEGAL NOTICES \n------------------------- \nThe information contained within this advisory is supplied \"as-is\" with \nno warranties or guarantees of fitness of use or otherwise. \nInternet Security Auditors accepts no responsibility for any damage \ncaused by the use or misuse of this information. \n \nXIII. ABOUT \n------------------------- \nInternet Security Auditors is a Spain-based leader in web application \ntesting, network security, penetration testing, security compliance \nimplementation and assessing. Our clients include some of the largest \ncompanies in areas such as finance, telecommunications, insurance, ITC, \netc. We are a \nvendor-independent provider with a deep expertise since 2001. Our \nefforts in R&D include vulnerability research, open security project \ncollaboration and \nwhitepapers, presentations and security events participation and \npromotion. For further information regarding our security services, \ncontact us. \n \nXIV. FOLLOW US \n------------------------- \nYou can follow Internet Security Auditors, news and security advisories at: \nhttps://www.facebook.com/ISecAuditors \nhttps://twitter.com/ISecAuditors \nhttp://www.linkedin.com/company/internet-security-auditors \nhttp://www.youtube.com/user/ISecAuditors \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/123557/uebimiau-xssredir.txt"}], "zdt": [{"lastseen": "2018-03-14T17:13:44", "description": "Uebimiau versions 2.7.11 and below suffer from open redirect and cross site scripting vulnerabilities.", "edition": 2, "published": "2013-10-10T00:00:00", "type": "zdt", "title": "Uebimiau 2.7.11 Cross Site Scripting Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-2622", "CVE-2013-2621", "CVE-2013-2623"], "modified": "2013-10-10T00:00:00", "id": "1337DAY-ID-21365", "href": "https://0day.today/exploit/description/21365", "sourceData": "=============================================\r\nINTERNET SECURITY 
AUDITORS ALERT 2013-008\r\n- Original release date: March 15th, 2013\r\n- Last revised: March 20th, 2013\r\n- Discovered by: Manuel Garcia Cardenas\r\n- Severity: 4,8/10 (CVSS Base Score)\r\n- CVE-ID: CVE-2013-2621,\r\n CVE-2013-2622,\r\n CVE-2013-2623\r\n=============================================\r\n\r\nI. VULNERABILITY\r\n-------------------------\r\nMultiple Vulnerabilities in Uebimiau <= 2.7.11\r\n\r\nII. BACKGROUND\r\n-------------------------\r\nUebiMiau is a webmail reader application supporting both IMAP and POP3\r\nprotocols. It can be installed without depending on any extra PHP\r\nmodules or a separate database. It is Open source software published under GNU\r\nGeneral Public License (GPL).\r\n\r\nUebiMiau has not been developed since March 2006 and does not work with\r\nPHP 5.3 due to its use of deprecated functions. A new project named Telaen,\r\na forked reboot of UebiMiau based on the jimjag patches, is an\r\nactively developed drop-in replacement.\r\n\r\nIII. DESCRIPTION\r\n-------------------------\r\nUebimiau 2.7.11 and lower versions contain a flaw that allows a remote\r\nredirection attack. This flaw exists because the application does not\r\nproperly sanitise the file \"redir.php\". This allows an attacker to create a\r\nspecially crafted URL that, if clicked, would redirect a victim from the\r\nintended legitimate web site to an arbitrary web site of the attacker's choice.\r\n\r\nAdditionally, a reflected XSS vulnerability has been detected in\r\nUebimiau 2.7.11 and lower versions that allows arbitrary HTML/JavaScript\r\ncode to be executed in the context of the victim user's browser. The\r\ncode injection is done through the parameter \"f_email\" in the page\r\nindex.php and the parameter \"selected_theme\" in the page error.php.\r\n\r\nIV. 
PROOF OF CONCEPT\r\n-------------------------\r\nREDIRECT:\r\nhttp://vulnerablesite.com/uebimiau/redir.php?http://www.malicious-site.com\r\n\r\nXSS 1:\r\nhttp://vulnerablesite.com/uebimiau/error.php?f_pass=blackybr&sess[auth]=1&selected_theme=\"><script>alert(\"XSS\")</script>\r\n\r\nXSS 2:\r\nhttp://vulnerablesite.com/uebimiau/index.php?tid=default&lid=en_UK&f_email=\"><script>alert(\"XSS\")</script>\r\n\r\nV. BUSINESS IMPACT\r\n-------------------------\r\nREDIRECT: An attacker can redirect any user to any malicious website.\r\nBelow I have mentioned the vulnerable URL.\r\n\r\nXSS: An attacker can execute arbitrary HTML or JavaScript code in a\r\ntargeted user's browser; this can be leveraged to steal sensitive\r\ninformation such as user credentials, personal data, etc.\r\n\r\nVI. SYSTEMS AFFECTED\r\n-------------------------\r\nAll Versions of Uebimiau.\r\n\r\nVII. SOLUTION\r\n-------------------------\r\nREDIRECT AND XSS: All data received by the application that can be\r\nmodified by the user must be validated before any kind of transaction\r\nis performed with it.\r\n\r\nVIII. REFERENCES\r\n-------------------------\r\nhttp://www.uebimiau.org\r\nhttp://www.isecauditors.com\r\n\r\nIX. CREDITS\r\n-------------------------\r\nThis vulnerability has been discovered\r\nby Manuel Garcia Cardenas (mgarcia (at) isecauditors (dot) com).\r\n\r\nX. REVISION HISTORY\r\n------------------------\r\nMarch 15, 2013 1: Initial release\r\n\r\nXI. DISCLOSURE TIMELINE\r\n-------------------------\r\nMarch 15, 2013: Vulnerability acquired by\r\n Internet Security Auditors (www.isecauditors.com)\r\nMarch 20, 2013: Sent to the development manager.\r\nMarch 21, 2013: Answer. 
After 4 years since the previous version, the\r\ndeveloper will publish a new patched version in 3 days!\r\nSeptember 26, 2013: Asked the development manager for feedback\r\nOctober 09, 2013: After some months without feedback, we proceed to\r\nfull disclosure\n\n# 0day.today [2018-03-14] #", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://0day.today/exploit/21365"}], "exploitdb": [{"lastseen": "2016-02-04T08:19:44", "description": "Telaen 2.7.x Cross Site Scripting Vulnerability. CVE-2013-2623. Webapps exploit for php platform", "published": "2013-06-04T00:00:00", "type": "exploitdb", "title": "Telaen 2.7.x Cross Site Scripting Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-2623"], "modified": "2013-06-04T00:00:00", "id": "EDB-ID:38545", "href": "https://www.exploit-db.com/exploits/38545/", "sourceData": "source: http://www.securityfocus.com/bid/60288/info\r\n\r\nTelaen is prone to a cross-site-scripting vulnerability because it fails to properly sanitize user-supplied input.\r\n\r\nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.\r\n\r\nVersions prior to Telaen 1.3.1 are vulnerable. \r\n\r\nhttp://www.example.com/telaen/index.php?tid=default&lid=en_UK&f_email=\"><script>alert(\"XSS\")</script> ", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://www.exploit-db.com/download/38545/"}, {"lastseen": "2016-02-04T08:20:05", "description": "Telaen Information Disclosure Vulnerability. CVE-2013-2624. 
Webapps exploit for php platform", "published": "2013-06-03T00:00:00", "type": "exploitdb", "title": "Telaen Information Disclosure Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-2624"], "modified": "2013-06-03T00:00:00", "id": "EDB-ID:38548", "href": "https://www.exploit-db.com/exploits/38548/", "sourceData": "source: http://www.securityfocus.com/bid/60340/info\r\n\r\nTelaen is prone to an information-disclosure vulnerability.\r\n\r\nSuccessful exploits will allow attackers to obtain sensitive information that may aid in further attacks.\r\n\r\nVersions prior to Telaen 1.3.1 are vulnerable.\r\n\r\nhttp://www.example.com/telaen/inc/init.php ", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://www.exploit-db.com/download/38548/"}, {"lastseen": "2016-02-04T08:19:51", "description": "Telaen 2.7.x Open Redirection Vulnerability. CVE-2013-2621. Webapps exploit for php platform", "published": "2013-06-04T00:00:00", "type": "exploitdb", "title": "Telaen 2.7.x Open Redirection Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-2621"], "modified": "2013-06-04T00:00:00", "id": "EDB-ID:38546", "href": "https://www.exploit-db.com/exploits/38546/", "sourceData": "source: http://www.securityfocus.com/bid/60290/info\r\n\r\nTelaen is prone to an open-redirection vulnerability.\r\n\r\nAn attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible.\r\n\r\nVersions prior to Telaen 1.3.1 are vulnerable. \r\n\r\nhttp://www.example.com/telaen/redir.php?http://www.malicious-site.com ", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://www.exploit-db.com/download/38546/"}]}