Re: imp_mime_viewer_html_xss.nasl

From: George Theall (theallat_private)
Date: Thu Aug 07 2003 - 06:01:08 PDT

    On Wed, Aug 06, 2003 at 03:27:09PM -0400, Renaud Deraison wrote:
    
    > >         if (ereg(pattern:"3\.(0|1|2|2\.1)", string:vers)) {
    > 
    > You probably want to add [^0-9] somewhere at the end of the check. Also, 
    > are versions older than 3.x vulnerable to the XSS as well ? 
    
    The problem only affects versions 3.0 - 3.2.1 (that is, 3.0, 3.1, 3.2,
    and 3.2.1).  Also, vers holds only the version number so I can't include
    extra characters at the end of the regex.  I have modified it, though,
    to anchor the regex to both the start and end of the string. 
    
    Attached is the latest version of the plugin incorporating your comments
    and mentioning a third problem in IMP's code. 
    
    Thanks for your comments!
    
    George
    -- 
    theallat_private
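
Added example, not part of the original message or of the plugin: it compares the three forms of the version check discussed in this thread. Python's `re.search` stands in for NASL's `ereg()`, the sample `vers` values are constructed, and the anchored pattern is an assumed form of the modified check, which the message describes but does not show.

```python
import re

# Versions the message lists as affected.
AFFECTED = {"3.0", "3.1", "3.2", "3.2.1"}

# Constructed sample values for `vers` (bare version numbers, no trailing text).
SAMPLES = ["3.0", "3.1", "3.2", "3.2.1", "3.10", "3.2.2",
           "3.2.10", "13.0", "2.3.1", "3.3", "4.0"]

PATTERNS = {
    # The check as quoted in the thread: unanchored substring match.
    "original": r"3\.(0|1|2|2\.1)",
    # The reviewer's suggestion: require a non-digit after the version.
    "trailing_class": r"3\.(0|1|2|2\.1)[^0-9]",
    # Assumed form of the revised check: anchored at start and end.
    "anchored": r"^3\.(0|1|2|2\.1)$",
}


def evaluate(pattern, samples=SAMPLES):
    """Return versions wrongly flagged and affected versions not flagged."""
    flagged = {v for v in samples if re.search(pattern, v)}
    return {
        "false_positives": sorted(flagged - AFFECTED),
        "missed": sorted(AFFECTED - flagged),
    }


if __name__ == "__main__":
    for name, pattern in PATTERNS.items():
        print(f"{name:15} {pattern:28} {evaluate(pattern)}")
```

The unanchored pattern flags any string that merely contains an affected version, while the trailing `[^0-9]` form misses versions that end the string, which is the case when `vers` holds only the version number.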
    
    
    



