Bugtraq mailing list archives
Vulnerabilities in squirrelmail
From: Tom McAdam <tomc () future-i com>
Date: Thu, 24 Jan 2002 22:53:02 +0000 (GMT)
Multiple security vulnerabilties exist in SquirrelMail < v 1.2.3 that allow malicious HTML messages to: * send messages appearing to come from the user * run arbitrary javascript Description ----------- The compose.php script allows parameters to be passed as GETs. Therefore including the following in an HTML mail will send a message to x () y com: <img src="compose.php?send_to=x () y com&subject=foo&bar=bar&send=1"> The read_body.php script does not check HTML tags for javascript. A trivial example: <img src="javascript:alert('Oh dear')"> Resolution ---------- Upgrade to version 1.2.3 of SquirrelMail Acknowledgements ---------------- Thanks to for Philippe Mingo for fixing this bug
Current thread:
- Vulnerabilities in squirrelmail Tom McAdam (Jan 24)