Juniper Networks

Signature Detail


Short Name: HTTP:XSS:URL-IMG-XSS
Severity: High
Recommended: Yes
Recommended Action: Drop
Category: HTTP
Keywords: IMG tag in URL with JavaScript Cross-Site Scripting
Release Date: 2004/06/30
Update Number: 1213
Supported Platforms: di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: IMG tag in URL with JavaScript Cross-Site Scripting


This signature detects HTML <img> tags in URLs that include JavaScript. Because <img> tags should never be present in URLs, the presence of JavaScript in such a URL is a clear indication of a Cross-Site Scripting (XSS) attack. XSS attacks are typically Web browser-independent.

Extended Description

The webmail package embedded in Merak Mail Server is reported prone to multiple vulnerabilities. The vulnerabilities reported are:

  • Multiple cross-site scripting vulnerabilities
  • An HTML injection vulnerability
  • A PHP source code disclosure vulnerability
  • An SQL injection vulnerability

These vulnerabilities are reported to exist in versions prior to 7.5.2.

Affected Products

  • Merak Mail Server 7.4.5
  • Merak Webmail Server 5.2.7

References

  • BugTraq: 10966
  • CVE: CVE-2009-1968
  • CVE: CVE-2004-1719
  • URL: http://msdn.microsoft.com/workshop/author/dhtml/httponly_cookies.asp
  • URL: http://www.cgisecurity.com/articles/xss-faq.shtml

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.