email XSS in SimpLISTic
Summary
- Vulnerability: email XSS in SimpLISTic
- Discovered: 2010.11.13
- Last Update: n/a n/a
- ID: EV0145
- CVE: n/a
- Risk Level: low
- Type: Cross Site Scripting
- Status: Unpatched. Vendor notified. No reply from developer(s)
- Vendor: Mrcgiguy (http://www.mrcgiguy.com/)
- Vulnerable Software: SimpLISTic
- Version: 2.0
- PoC/Exploit: Available
- Solution: Available
- Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
Description
A cross-site scripting vulnerability was found in the SimpLISTic script.
- email XSS: An XSS vulnerability was found in the email.cgi script. The email parameter is not properly sanitized: it passes through a simple filter but not an XSS filter. Any user may add an email containing special code, which is stored. The "List addresses" page in the Admin panel is vulnerable.
PoC/Exploit
- Example of XSS: email XSS PoC code for SimpLISTic is available.
- XSS: Email: email@website.com</textarea><script>alert('XSS vulnerability')</script>
Solution
The email parameter passes through a simple filter:
if (($FORM{email} =~ m/@/) && ($FORM{email} =~ m/\./)) {$atcheck = 1}
This is not enough to sanitize XSS code. The recommended fix is:
# Escape "&" first so the entities added by the later lines are not escaped again.
$FORM{email} =~ s/\&/\&amp\;/g;
$FORM{email} =~ s/\</\&lt\;/g;
$FORM{email} =~ s/\>/\&gt\;/g;
$FORM{email} =~ s/\"/\&quot\;/g;
$FORM{email} =~ s/\'/\&#x27\;/g;
$FORM{email} =~ s/\//\&#x2F\;/g;
Apply this filter before including $FORM{email} in HTML code.
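The following is an added example, not part of the advisory or of SimpLISTic's code. It runs the PoC value above through the original "@ and ." check, through a stricter allowlist check, and through output encoding of the same six characters. The names original_check, strict_check and html_escape and the allowlist pattern are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Same logic as the script's existing check: an "@" and a "." anywhere.
sub original_check {
    my ($email) = @_;
    return ($email =~ m/\@/ && $email =~ m/\./) ? 1 : 0;
}

# Hypothetical stricter allowlist (assumption, not SimpLISTic code):
# whole string must be local@domain.tld with no markup characters.
sub strict_check {
    my ($email) = @_;
    return 0 if length($email) > 254;
    return $email =~ m/\A[A-Za-z0-9._%+-]+\@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+\z/
        ? 1 : 0;
}

# Output encoding for the six characters named in the recommended fix.
# One pass with a lookup table, so inserted "&" is never escaped twice.
my %ENT = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
           '"' => '&quot;', "'" => '&#x27;', '/' => '&#x2F;');

sub html_escape {
    my ($s) = @_;
    $s =~ s/([&<>"'\/])/$ENT{$1}/g;
    return $s;
}

# Constructed sample inputs; the second is the PoC value from this advisory.
my @samples = (
    'user@example.com',
    q{email@website.com</textarea><script>alert('XSS vulnerability')</script>},
);

for my $email (@samples) {
    printf "input:    %s\n", $email;
    printf "original: %s  strict: %s\n",
        original_check($email) ? 'accept' : 'reject',
        strict_check($email)   ? 'accept' : 'reject';
    # Encode at output time, as the "List addresses" page would need to.
    printf "escaped:  %s\n\n", html_escape($email);
}
```

The original check accepts both inputs, while the allowlist rejects the PoC value. Encoding at output still matters for addresses that were stored before any input check was tightened.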
Check for updates on the MrCgiGuy website: http://www.mrcgiguy.com/