Summary | HTML INJECT Vulnerability |
Queue | IMP |
Queue Version | 4.1 |
Type | Bug |
State | No Feedback |
Priority | 2. Medium |
Owners | |
Requester | asamad (at) arpatech (dot) com |
Created | 03/05/2007 (6715 days ago) |
Due | |
Updated | 04/13/2007 (6676 days ago) |
Assigned | 03/05/2007 (6715 days ago) |
Resolved | 04/13/2007 (6676 days ago) |
Github Issue Link | |
Github Pull Request | |
Milestone | |
Patch | No |
provide us with a proof of concept.
but when an authenticated user would click on a malformed url the html would be injected in the same session which could lead to html code inject on the client side.
Abdus Samad
ARPATECH
State ⇒ Feedback
sites provided by the url parameter, which could be abused for phishing attacks, and we should probably fix this the same way as we recently did in horde/index.php.
But I can't see how this allows injection. And please always check the latest version when reporting a security issue.
Priority ⇒ 2. Medium
Type ⇒ Bug
Summary ⇒ HTML INJECT Vulnerability
Queue ⇒ IMP
State ⇒ Unconfirmed
due to a failure in the application to properly sanitize variable 'url'. Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
This would affect even an unauthenticated user which could be directed to a malicious web page resulting in information theft or even system compromise by injecting Trojans.
PROOF OF CONCEPT CODE:
http://<HOST>/index.php?url=<any web.html>
A prompt response will be highly appreciated.
Thank you
Abdus Samad
Advanced Research Projects and Technologies
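An added example, not Horde's code and not the fix referred to above for horde/index.php: one way to restrict a `url` request parameter to same-site targets before redirecting, and to escape it before it is written into HTML. The function name, the host `mail.example.org` and the sample inputs are assumptions made for illustration.

```php
<?php
// Added illustration, not Horde/IMP code. safe_redirect_target() and the
// host mail.example.org are hypothetical; the sample inputs are constructed.
/** Return a same-site path for $url, or $fallback if it points elsewhere. */
function safe_redirect_target(string $url, string $allowedHost, string $fallback = '/'): string
{
    // Browsers treat "\" like "/" and strip tabs and newlines, so a value
    // such as "/\other.example" must not be accepted as a local path.
    if ($url === '' || preg_match('/[\x00-\x20\x7f\\\\]/', $url)) {
        return $fallback;
    }
    $parts = parse_url($url);
    if ($parts === false) {
        return $fallback;
    }
    if (isset($parts['scheme']) || isset($parts['host'])) {
        // Absolute or scheme-relative ("//host/...") URL: allow only
        // http(s) to our own host, with no embedded credentials.
        $scheme = strtolower($parts['scheme'] ?? 'https');
        if (!in_array($scheme, ['http', 'https'], true)
            || strcasecmp($parts['host'] ?? '', $allowedHost) !== 0
            || isset($parts['user']) || isset($parts['pass'])) {
            return $fallback;
        }
    } elseif ($url[0] !== '/') {
        return $fallback; // bare relative values are not accepted
    }
    // Rebuild from the parsed path and query only; collapsing leading
    // slashes keeps the result from becoming "//host", a scheme-relative URL.
    $target = '/' . ltrim($parts['path'] ?? '', '/');
    if (isset($parts['query'])) {
        $target .= '?' . $parts['query'];
    }
    return $target;
}

$samples = [
    '/imp/mailbox.php?page=2',
    'http://mail.example.org/imp/',
    'http://other.example/login.html',
    '//other.example/login.html',
    'javascript:void(0)',
    '/imp/?q="><b>x</b>',
];
foreach ($samples as $raw) {
    $target = safe_redirect_target($raw, 'mail.example.org');
    // Escape at output time whenever the value is written into HTML.
    echo htmlspecialchars($target, ENT_QUOTES, 'UTF-8'), "\n";
}
```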