URL:
<http://savannah.nongnu.org/bugs/?func=detailitem&item_id=12930>
Summary: Cross site scripting bug in m2h_text_html::filter
Project: MHonArc
Submitted by: None
Submitted on: Mon 05/02/2005 at 04:26
Category: MIME Filter
Severity: 3 - Normal
Item Group: Security
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Platform Version: All
Perl Version: probably all...
Component Version: 2.36
Fixed Release:
_______________________________________________________
Details:
There's a cross site scripting bug in m2h_text_html::filter.
An HTML email with the following data causes XSS:
<a href='/' style='background:url(vbscript:MsgBox("XSS !!!"))'></a>
Notice that it bypasses the anti "javascript" trick of mhonarc (in which
MHonArc will replace the "javascript" string with "_javascript_", effectively
defanging the Javascript code)
simply by using the scheme "vbscript", not "javascript" (this of course
limits the attack to IE clients and any other browser which supports the
"vbscript" scheme).
MHonArc should look for (and defang) the following keywords:
"vbscript", "livescript", "lavascript", "ecmascript", "jscript", and
"mocha".
Thanks,
-Amit Klein
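
The gap described in the report, as an added Python sketch (not MHonArc's Perl code and not part of the original report): a defang pass that only knows "javascript" leaves the reported HTML unchanged, while one using the full keyword list rewrites it. Matching a keyword only when a colon follows it, and the function names, are assumptions made for this example.

```python
import re

# Behaviour described in the report: only "javascript" is rewritten.
ORIGINAL_KEYWORDS = ("javascript",)
# Additional keywords the report asks for, spelled as in the report.
REPORTED_KEYWORDS = ("vbscript", "livescript", "lavascript",
                     "ecmascript", "jscript", "mocha")
ALL_KEYWORDS = ORIGINAL_KEYWORDS + REPORTED_KEYWORDS

# Constructed sample: the HTML from the report, joined onto one line.
SAMPLE = """<a href='/' style='background:url(vbscript:MsgBox("XSS !!!"))'></a>"""


def _scheme_pattern(keywords):
    """Match a keyword used as a URL scheme: keyword, optional space, colon."""
    alternatives = "|".join(re.escape(k) for k in keywords)
    # (?<!\w) stops an already defanged "_vbscript_" from matching again,
    # so running the filter twice does not stack underscores.
    return re.compile(r"(?<!\w)(" + alternatives + r")(?=\s*:)", re.IGNORECASE)


def defang(html, keywords=ALL_KEYWORDS):
    """Wrap each listed scheme keyword in underscores, keeping its case."""
    return _scheme_pattern(keywords).sub(lambda m: "_" + m.group(1) + "_", html)


def script_schemes(html, keywords=ALL_KEYWORDS):
    """Audit helper: list the scripting schemes still live in the HTML."""
    found = {m.group(1).lower() for m in _scheme_pattern(keywords).finditer(html)}
    return sorted(found)


if __name__ == "__main__":
    # "javascript"-only filtering leaves the reported input untouched.
    print(defang(SAMPLE, ORIGINAL_KEYWORDS) == SAMPLE)
    # The extended list neutralises the scheme.
    print(defang(SAMPLE))
    # Nothing left for the audit to flag after defanging.
    print(script_schemes(defang(SAMPLE)))
```

`script_schemes` can also be run over pages that were archived before the keyword list was extended, to find messages that need to be re-converted.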