anonymous
Sun, 01 May 2005 21:57:43 -0700
URL: <http://savannah.nongnu.org/bugs/?func=detailitem&item_id=12930>

Summary: Cross site scripting bug in m2h_text_html::filter
Project: MHonArc
Submitted by: None
Submitted on: Mon 05/02/2005 at 04:26
Category: MIME Filter
Severity: 3 - Normal
Item Group: Security
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Platform Version: All
Perl Version: probably all...
Component Version: 2.36
Fixed Release:

_______________________________________________________

Details:

There's a cross site scripting bug in m2h_text_html::filter. An HTML email with the following data causes XSS:

    <a href='/' style='background:url(vbscript:MsgBox("XSS !!!"))'></a>

Notice that it bypasses the anti "javascript" trick of MHonArc (in which MHonArc will replace the "javascript" string with "_javascript_", effectively defanging the JavaScript code) simply by using the scheme "vbscript", not "javascript" (this of course limits the attack to IE clients and any other browser which supports the "vbscript" scheme).

MHonArc should look for (and defang) the following keywords: "vbscript", "livescript", "lavascript", "ecmascript", "jscript", and "mocha".

Thanks,
-Amit Klein
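The gap described in the report, as an added Perl sketch that is not MHonArc's code and not part of the original message: it runs the report's sample through a keyword defanger twice, once with only "javascript" and once with the keywords the report lists. The sub name, the list names and the choice to match a keyword only where it is followed by ":" are assumptions made for this example.

```perl
#!/usr/bin/perl
# Added illustration; not MHonArc source. Names and matching rule are assumptions.
use strict;
use warnings;

# The keyword the report says MHonArc already defangs.
my @JS_ONLY  = qw(javascript);
# The additional keywords the report asks for, spelled as in the report.
my @EXTENDED = (@JS_ONLY,
                qw(vbscript livescript lavascript ecmascript jscript mocha));

# Wrap each listed keyword in underscores when it is used as a URL scheme
# (keyword followed by ':'), case-insensitively.
# Returns the rewritten HTML and the number of replacements made.
sub defang {
    my ($html, @keywords) = @_;
    # Longest keyword first, so "javascript" is tried before "jscript".
    my $alt = join '|',
              map  { quotemeta }
              sort { length($b) <=> length($a) } @keywords;
    # The lookbehind skips keywords embedded in longer words or already wrapped.
    my $hits = ($html =~ s/(?<![A-Za-z_])($alt)(?=\s*:)/_${1}_/gi);
    return ($html, $hits || 0);
}

# Sample taken from the report.
my $sample = q{<a href='/' style='background:url(vbscript:MsgBox("XSS !!!"))'></a>};

for my $case (['javascript only', \@JS_ONLY], ['extended list', \@EXTENDED]) {
    my ($label, $list) = @$case;
    my ($out, $hits)   = defang($sample, @$list);
    printf "%-16s hits=%d  %s\n", $label, $hits, $out;
}
```

With the single-keyword list the sample passes through unchanged; with the extended list the scheme is rewritten to `_vbscript_`, the same way the report says "javascript" is rewritten to "_javascript_".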