Squirrelmail Address Add Plugin 'add.php' Cross-Site Scripting Vulnerability

Vulnerability ID: 1109104
Vulnerability type: Cross-site scripting
Published: 2005-09-29
Updated: 2007-08-02
CVE ID: CVE-2005-3128
CNNVD-ID: CNNVD-200510-006
Platform: PHP
CVSS score: 4.3
|Vulnerability source
https://www.exploit-db.com/exploits/26305
https://www.securityfocus.com/bid/14973
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200510-006
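|Vulnerability details
SquirrelMail is a standards-based webmail package written in PHP4. add.php in the SquirrelMail Address Add Plugin contains an XSS vulnerability that lets an attacker inject arbitrary script or HTML via the IMG tag.
|Exploit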
source: http://www.securityfocus.com/bid/14973/info

SquirrelMail Address Add Plugin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. 

http://www.example.com/squirrelmail_root_dir/plugins/address_add/add.php?first=HOVER%20ME!%22%20onMouseOver=%22alert('foo');
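
The sketch below is an added example, not code from the plugin or from the advisory. It assumes `first` is reflected into a double-quoted HTML attribute (the page does not show the source of add.php), and the `render_first_field_*` helpers are hypothetical. It feeds the `first` value from the URL above through an unencoded and an encoded rendering to show what the missing output encoding changes.

```php
<?php
declare(strict_types=1);

// Hypothetical model of the flaw: raw input is concatenated into a
// double-quoted attribute, so a `"` in the input ends the attribute.
function render_first_field_unsafe(string $first): string
{
    return '<input type="text" name="first" value="' . $first . '">';
}

// Hardened form: encode for the HTML attribute context before output.
// ENT_QUOTES encodes both " and ', so the value stays inside value="...".
function render_first_field_safe(string $first): string
{
    $encoded = htmlspecialchars($first, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="first" value="' . $encoded . '">';
}

// True when the rendered markup contains a literal quote followed by the
// handler name, i.e. the input closed value="..." and began a new attribute.
function has_attribute_breakout(string $html): bool
{
    return strpos($html, '" onMouseOver=') !== false;
}

// The `first` parameter exactly as it appears in the URL above, URL-decoded
// the way PHP decodes query-string values before they reach the script.
$first = rawurldecode("HOVER%20ME!%22%20onMouseOver=%22alert('foo');");

$renderings = [
    'unsafe' => render_first_field_unsafe($first),
    'safe'   => render_first_field_safe($first),
];

foreach ($renderings as $label => $html) {
    printf(
        "%-6s %s\n       attribute breakout: %s\n",
        $label,
        $html,
        has_attribute_breakout($html) ? 'yes' : 'no'
    );
}
```

The same encoding has to be applied at every point where a request parameter is written into the page, not only to `first`.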
|Affected products
SquirrelMail SquirrelMail 1.4.2 + MandrakeSoft Corporate Server 3.0 x86_64 + MandrakeSoft Corporate Server 3.0 + Ma
|References

Source: XF
Name: squirrelmail-add-xss(22453)
Link: http://xforce.iss.net/xforce/xfdb/22453
Source: squirrelmail.org
Link: http://squirrelmail.org/plugin_view.php?id=101
Source: SECUNIA
Name: 16987
Link: http://secunia.com/advisories/16987/
Source: MISC
Link: http://moritz-naumann.com/adv/0002/sqmadd/0002.txt
Source: BUGTRAQ
Name: 20050928SquirrelMailAddressAddPluginXSS
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=112801672520766&w=2
Source: BID
Name: 25159
Link: http://www.securityfocus.com/bid/25159
Source: BID
Name: 14973
Link: http://www.securityfocus.com/bid/14973
Source: MANDRIVA
Name: MDKSA-2005:178
Link: http://www.mandriva.com/security/advisories?name=MDKSA-2005:178
Source: VUPEN
Name: ADV-2007-2732
Link: http://www.frsirt.com/english/advisories/2007/2732
Source: SECTRACK
Name: 1014988
Link: http://securitytracker.com/id?1014988
Source: SECUNIA
Name: 26235
Link: http://secunia.com/advisories/26235
Source: APPLE
Name: APPLE-SA-2007-07-31
Link: http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
Source: docs.info.apple.com
Link: http://docs.info.apple.com/article.html?artnum=306172