[Tickets #14857] Re: Multiple XSS security vulnerabilities
noreply at bugs.horde.org
noreply at bugs.horde.org
Sun Sep 30 20:53:09 UTC 2018
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: https://bugs.horde.org/ticket/14857
------------------------------------------------------------------------------
Ticket | 14857
Updated By | 610code at gmail.com
Summary | Multiple XSS security vulnerabilities
Queue | Horde Groupware
Version | 5.2.22
Type | Bug
State | Resolved
Priority | 3. High
Milestone |
Patch |
Owners | Michael Rubinsky
------------------------------------------------------------------------------
610code at gmail.com (2018-09-30 20:53) wrote:
Hi,
first of all, thanks for the ping via email. It was a busy week. ;)
Second: I found copy/paste of requests I used (from Burp on the other VM).
To use them: update your cookie for valid one (you can use Burp) because
to exploit it you'll need to be an 'admin' anyway.
Then, sqlmap should be good to reproduce (-r request.txt).
As far as I remember 'display_errors' was enabled.
One note to add:
I tried those requests (with display_err to On and Off) for version
5.2.19 and .21 as well.
I could not reproduce those 'steps' (for mentioned versions) this
time - so it's a little surprise for me to be honest. ;)
I did not yet check .22 version.
As we spoke more privately:
because we can not reproduce it now - it could be a false positive.
But I think if it's just 'depend' on something we don't know now/yet - that
is still worth to investigate (from the source code 'perspective').
If I can help - let me know.
Thank you for your time.
Best regards,
Cody
> I have asked the original reporter of CVE-2017-17781 to clarify the
> steps which are needed to produce a SQL injection. If a consensus
> cannot be reached or if he does not reply to this issue again, I
> will ask MITRE to review CVE-2017-17781. They might then either
> reject the issue or mark it as disputed.
More information about the bugs
mailing list