[Tickets #5063] HTML INJECT Vulenrability

bugs at bugs.horde.org bugs at bugs.horde.org
Mon Mar 5 09:27:43 UTC 2007


DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/?id=5063
-----------------------------------------------------------------------
 Ticket             | 5063
 Created By         | asamad at arpatech.com
 Summary            | HTML INJECT Vulenrability
 Queue              | IMP
 Version            | 4.1
 Type               | Bug
 State              | Unconfirmed
 Priority           | 2. Medium
 Owners             | 
-----------------------------------------------------------------------


asamad at arpatech.com (2007-03-05 01:27) wrote:

Horde IMP is prone to an HTML injection vulnerability. This issue is due to
a failure in
the application to properly sanitize variable 'url'.

Attacker-supplied HTML and script code would be executed in the context of
the affected
Web site, potentially allowing for theft of cookie-based authentication
credentials. An
attacker could also exploit this issue to control how the site is rendered
to the user;
other attacks are also possible.

This would effect even an unauthenticated user which could be directed to
a malicious web page resulting in information theft or even system
compromise by injecting Trojans.

PROOF OF CONCEPT CODE:


http://<HOST>/index.php?url=<any web.html>

A prompt responce will be highly appreciated.

Thankyou
Abdus Samad
Advanced Research Projects and Technologies





More information about the bugs mailing list