Plugin ID | 108 |
Plugin name | HastyMail prior 1.2.0 HTML attachement script execution |
Plugin filename | HastyMail prior 1.2.0 HTML attachement script execution.plugin |
Plugin filesize | 3427 bytes |
Plugin family | CGI |
Plugin created name | Marc Ruef |
Plugin created email | marc dot ruef at computec dot ch |
Plugin created web | http://www.computec.ch |
Plugin created company | computec.ch |
Plugin created date | 2004/08/26 |
Plugin updated name | Marc Ruef |
Plugin updated email | marc dot ruef at computec dot ch |
Plugin updated web | http://www.computec.ch |
Plugin updated company | computec.ch |
Plugin updated date | 2004/11/14 |
Plugin version | 2.0 |
Plugin changelog | The check is converted from the Nessus plugin. See the Nessus plugin ID for more details. I increased performance of the pattern matching in version 1.1 because we don't need regular expressions. Corrected the plugin structure and added the accuracy values in 1.2. Improved the pattern matching and introduced the plugin changelog in 2.0. |
Plugin protocol | tcp |
Plugin port | 80 |
Plugin procedure detection | open|sleep|close|pattern_exists HTTP/#.# ### *Hastymail 0.#* OR HTTP/#.# ### *Hastymail 1.[0-1].* OR HTTP/#.# ### *Hastymail 1.2.0* |
Plugin detection accuracy | 82 |
Plugin comment | This plugin was written with the ATK Attack Editor. |
Bug affected | HastyMail prior to 1.2.0 |
Bug not affected | HastyMail newer than 1.2.0 |
Bug vulnerability class | Cross Site Scripting |
Bug description | The remote host is running HastyMail, a PHP-based mail client application. There is a flaw in the remote version of this software which may allow an attacker to execute arbitrary JavaScript code on the hosts of users of this software. To exploit this flaw, an attacker would need to send an email to a victim using HastyMail containing a malicious HTML attachment. When the victim attempts to read the attachment, his browser may attempt to render the HTML file. An attacker may use this flaw to steal the cookies of the victim and therefore get access to his mailbox, or may perform other attacks. |
Bug solution | Upgrade to HastyMail 1.0.2 or 1.2.0 |
Bug fixing time | approx. 30 minutes |
Bug exploit availability | No |
Bug exploit url | http://www.securityfocus.com/bid/8893/exploit/ |
Bug remote | Yes |
Bug local | No |
Bug severity | Medium |
Bug popularity | 3 |
Bug simplicity | 4 |
Bug impact | 6 |
Bug risk | 4 |
Bug Nessus risk | Medium |
Bug check tools | Nessus is able to do nearly the same check. See Nessus plugin ID for more details. |
Source SecurityFocus BID | 11022 |
Source Nessus ID | 14370 |
Source Literature | Hacking Intern - Angriffe, Strategien, Abwehr, Marc Ruef, Marko Rogge, Uwe Velten and Wolfram Gieseke, November 1, 2002, Data Becker, Düsseldorf, ISBN 381582284X |
Source Misc. | http://www.computec.ch |