[Tickets #5063] HTML INJECT Vulenrability
bugs at bugs.horde.org
bugs at bugs.horde.org
Mon Mar 5 09:27:43 UTC 2007
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/?id=5063
-----------------------------------------------------------------------
Ticket | 5063
Created By | asamad at arpatech.com
Summary | HTML INJECT Vulenrability
Queue | IMP
Version | 4.1
Type | Bug
State | Unconfirmed
Priority | 2. Medium
Owners |
-----------------------------------------------------------------------
asamad at arpatech.com (2007-03-05 01:27) wrote:
Horde IMP is prone to an HTML injection vulnerability. This issue is due to
a failure in
the application to properly sanitize variable 'url'.
Attacker-supplied HTML and script code would be executed in the context of
the affected
Web site, potentially allowing for theft of cookie-based authentication
credentials. An
attacker could also exploit this issue to control how the site is rendered
to the user;
other attacks are also possible.
This would effect even an unauthenticated user which could be directed to
a malicious web page resulting in information theft or even system
compromise by injecting Trojans.
PROOF OF CONCEPT CODE:
http://<HOST>/index.php?url=<any web.html>
A prompt responce will be highly appreciated.
Thankyou
Abdus Samad
Advanced Research Projects and Technologies
More information about the bugs
mailing list