imp_mime_viewer_html_xss.nasl

From: George Theall (theallat_private)
Date: Sat Aug 02 2003 - 15:04:47 PDT

Next message: Daniel VARGA: "Service running...?"

Previous message: Michel Arboi: "Re: Guidelines for Writing Plugins?"
Next in thread: Renaud Deraison: "Re: imp_mime_viewer_html_xss.nasl"
Reply: Renaud Deraison: "Re: imp_mime_viewer_html_xss.nasl"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I have attached a plugin to scan for a recently discovered set of XSS
vulnerabilities in IMP, a webmail product.  These vulnerabilties allow
an attacker to cause a victim to execute arbitrary Javascript code when
reading an HTML message from the attacker.  

The plugin merely checks the version number of IMP available on a target
and reports a hole if it is between 3.0 and 3.2.1.  Additionally, the
check determines the version number using the test script distributed as
part of IMP.  Although the availability of that test script via the web
is itself a vulnerability (covered already by horde_test_disclosure.nasl
/ plugin #11617), it's a common enough occurence and possibly the only
way as far as I know to determine the version installed with IMP 3.x. 

Hopefully, my plugin works as intended and can be included amongst the
plugins distributed through nessus.org.  Comments? Flames?


George
-- 
theallat_private

text/plain attachment: imp_mime_viewer_html_xss.nasl

application/pgp-signature attachment: stored

Next message: Daniel VARGA: "Service running...?"
Previous message: Michel Arboi: "Re: Guidelines for Writing Plugins?"
Next in thread: Renaud Deraison: "Re: imp_mime_viewer_html_xss.nasl"
Reply: Renaud Deraison: "Re: imp_mime_viewer_html_xss.nasl"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Aug 02 2003 - 15:05:10 PDT