what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Horde IMP 4.3.7 Cross Site Scripting

Horde IMP 4.3.7 Cross Site Scripting
Posted Sep 28, 2010
Authored by Moritz Naumann

Horde IMP versions 4.3.7 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 9ff41ba9177770ccbc820350c56510861d2b3872483ac859fa61a08f09314f64

Horde IMP 4.3.7 Cross Site Scripting

Change Mirror Download
Hi,

Horde IMP v4.3.7 and lower are subject to a cross site scripting (XSS)
vulnerability:

The fetchmailprefs.php script fails to properly sanitize user supplied
input to the 'fm_id' URL parameter. If exploited, injected code will be
persistent (persistent XSS) and will execute once the user (manually)
accesses mail fetching preferences.

The following URL can be used as a proof of concept:
> [path_to_horde_imp]/fetchmailprefs.php?actionID=fetchmail_prefs_save&fm_driver=imap&fm_id=zzz%22%3E%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E%3Cx+y%3D%22&fm_protocol=pop3&fm_lmailbox=INBOX&save=Create

Prior authentication to IMP is required for immediate exploitation.
Follow-up authentication is also possible if the victims' IMP
configuration has folder maintenance options disabled.

This issue has been fixed by Jan Schneider of the Horde Project:
> https://git.horde.org/diff.php/imp/fetchmailprefs.php?rt=horde&r1=1.39.4.10&r2=1.39.4.11

According to him, Horde IMP v4.3.8 (or a release candidate) which fixes
this issue is to be released within the week. Release announcements will
likely be communicated through
https://lists.horde.org/mailman/listinfo/announce

Credits for this discovery:

Moritz Naumann
Naumann IT Security Consulting, Berlin, Germany
https://moritz-naumann.com

Thanks for reading,

Moritz

--
Naumann IT Security Consulting
Samariterstr. 16
10247 Berlin
Germany

Web https://moritz-naumann.com
GPG https://moritz-naumann.com/keys/0x277F060C.asc
17FE F47E CE81 FC3A 8D6C 85A0 9FA1 A4BD 277F 060C

Inhaber: Moritz Naumann · StNr. 22/652/12010 · USt-IdNr. DE266365097
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close