<div dir="ltr"><div><div>Hi All<br><br></div>Thanks for the help, I will try the fix and test again.<br><br></div><div>Thanks<br></div><div>C<br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On 2 March 2016 at 15:29, <span dir="ltr"><<a href="mailto:zendto-request@zend.to" target="_blank">zendto-request@zend.to</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Send ZendTo mailing list submissions to<br>
<a href="mailto:zendto@zend.to">zendto@zend.to</a><br>
<br>
To subscribe or unsubscribe via the World Wide Web, visit<br>
<a href="http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto" rel="noreferrer" target="_blank">http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto</a><br>
or, via email, send a message with subject or body 'help' to<br>
<a href="mailto:zendto-request@zend.to">zendto-request@zend.to</a><br>
<br>
You can reach the person managing the list at<br>
<a href="mailto:zendto-owner@zend.to">zendto-owner@zend.to</a><br>
<br>
When replying, please edit your Subject line so it is more specific<br>
than "Re: Contents of ZendTo digest..."<br>
<br>Today's Topics:<br>
<br>
1. Re: XSS (Der PCFreak)<br>
2. Re: XSS (Karl Bundy)<br>
3. Re: XSS (Karl Bundy)<br>
<br><br>---------- Forwarded message ----------<br>From: Der PCFreak <<a href="mailto:mailinglists@pcfreak.de">mailinglists@pcfreak.de</a>><br>To: <a href="mailto:zendto@zend.to">zendto@zend.to</a><br>Cc: <br>Date: Wed, 2 Mar 2016 14:09:53 +0100<br>Subject: Re: [ZendTo] XSS<br>
<div bgcolor="#FFFFFF" text="#000000">
<tt>Hi,<br>
<br>
Barracuda offers their "Barracuda Vulnerability Manager" for free
at the moment and I tested it.<br>
<a href="https://bvm.barracudanetworks.com/" target="_blank">https://bvm.barracudanetworks.com/</a><br>
<br>
<br>
Here some of the results pointed at my ZendTo installation:<br>
<br>
<br>
Reflected Cross-Site Scripting<br>
==============================<br>
<a href="https://your.url.tld/pickup.php" target="_blank">https://your.url.tld/pickup.php</a><br>
Issue Detail<br>
The emailAddr parameter was submitted with the value
"--><script>prompt(12345)</script>lNYCi<!--, and
the string was echoed verbatim in the output, showing that there
is a reflected XSS vulnerability.<br>
<br>
<a href="https://your.url.tld/pickup.php" target="_blank">https://your.url.tld/pickup.php</a><br>
Issue Detail<br>
The auth parameter was submitted with the value
"--><script>prompt(12345)</script>HyNzQ<!--, and
the string was echoed verbatim in the output, showing that there
is a reflected XSS vulnerability.<br>
<br>
<a href="https://your.url.tld/pickup.php" target="_blank">https://your.url.tld/pickup.php</a><br>
Issue Detail<br>
The emailAddr parameter was submitted with the value
"--><script>prompt(12345)</script>x7RXs<!--, and
the string was echoed verbatim in the output, showing that there
is a reflected XSS vulnerability.<br>
<br>
<a href="https://your.url.tld/pickup.php" target="_blank">https://your.url.tld/pickup.php</a><br>
Issue Detail<br>
The auth parameter was submitted with the value
"--><script>prompt(12345)</script>WqYcq<!--, and
the string was echoed verbatim in the output, showing that there
is a reflected XSS vulnerability.<br>
<br>
HTML-Injection<br>
</tt><tt><tt>==============<br>
</tt><a href="https://your.url.tld/pickup.php" target="_blank">https://your.url.tld/pickup.php</a><br>
Issue Detail<br>
The emailAddr parameter was submitted with the value
<h1>tjkgr</h1>, and this value was echoed back
verbatim in the resulting page.<br>
<br>
<a href="https://your.url.tld/pickup.php" target="_blank">https://your.url.tld/pickup.php</a><br>
Issue Detail<br>
The auth parameter was submitted with the value
<h1>xt90x</h1>, and this value was echoed back
verbatim in the resulting page.<br>
<br>
<a href="https://your.url.tld/pickup.php" target="_blank">https://your.url.tld/pickup.php</a><br>
Issue Detail<br>
The emailAddr parameter was submitted with the value
<h1>zrjja</h1>, and this value was echoed back
verbatim in the resulting page.<br>
View Full HTTP Request and Response<br>
<br>
<a href="https://your.url.tld/pickup.php" target="_blank">https://your.url.tld/pickup.php</a><br>
Issue Detail<br>
The auth parameter was submitted with the value
<h1>anhxx</h1>, and this value was echoed back
verbatim in the resulting page.<br>
<br>
Kind regards<br>
<br>
PCFreak<br>
<br>
<br>
<br>
<br>
</tt><br>
<div>On 01.03.2016 20:14, Chris Venter
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>
<div>
<div>
<div>
<div>Hi <br>
<br>
</div>
Our security audit has highlighted a possible reflected
cross site scripting error on the pickup.php page,to
test we ran <br>
<br>
<a href="https://server_name/pickup/php?emailAddr=test" target="_blank">https://server_name/pickup/php?emailAddr=test</a>"
/><script>alert('XSS Test')</script><br>
</div>
<br>
</div>
Can anyone else confirm if this is an issue?<br>
<br>
</div>
Thanks<br>
</div>
CJ</div>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
ZendTo mailing list
<a href="mailto:ZendTo@zend.to" target="_blank">ZendTo@zend.to</a>
<a href="http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto" target="_blank">http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto</a></pre>
</blockquote>
<br>
</div>
<br><br>---------- Forwarded message ----------<br>From: Karl Bundy <<a href="mailto:karl.bundy@aldentorch.com">karl.bundy@aldentorch.com</a>><br>To: ZendTo Users <<a href="mailto:zendto@zend.to">zendto@zend.to</a>><br>Cc: <br>Date: Wed, 2 Mar 2016 15:28:19 +0000<br>Subject: Re: [ZendTo] XSS<br>
<div bgcolor="white" link="blue" vlink="purple" lang="EN-US">
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Hi everyone,<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">It appears that the issue is due to the fact that the email querystring variable is not being sanitized before being used. I am not a skilled programmer, but
I was able to make this simple change to the pickup.php file and it appears to have resolved this XSS issue. Please use this at your own risk, as it appears to work for me, but your mileage may vary ;)<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">In the pickup.php file change this line:<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">$emailAddr = isset($_POST['emailAddr'])?$_POST['emailAddr']:(isset($_GET['emailAddr'])?$_GET['emailAddr']:NULL);<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">to this:<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">$emailAddr = str_replace('"','',isset($_POST['emailAddr'])?$_POST['emailAddr']:(isset($_GET['emailAddr'])?$_GET['emailAddr']:NULL));<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Save the file, and then test again.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">---Karl Bundy<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<div>
<div style="border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext"> <a href="mailto:zendto-bounces@zend.to" target="_blank">zendto-bounces@zend.to</a> [mailto:<a href="mailto:zendto-bounces@zend.to" target="_blank">zendto-bounces@zend.to</a>]
<b>On Behalf Of </b>Der PCFreak<br>
<b>Sent:</b> Wednesday, March 02, 2016 6:10 AM<br>
<b>To:</b> <a href="mailto:zendto@zend.to" target="_blank">zendto@zend.to</a><br>
<b>Subject:</b> Re: [ZendTo] XSS<u></u><u></u></span></p>
</div>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><tt><span style="font-size:10.0pt">Hi,</span></tt><span style="font-size:10.0pt;font-family:"Courier New""><br>
<br>
<tt>Barracuda offers their "Barracuda Vulnerability Manager" for free at the moment and I tested it.</tt><br>
<tt><a href="https://bvm.barracudanetworks.com/" target="_blank">https://bvm.barracudanetworks.com/</a></tt><br>
<br>
<br>
<tt>Here some of the results pointed at my ZendTo installation:</tt><br>
<br>
<br>
<tt>Reflected Cross-Site Scripting</tt><br>
<tt>==============================</tt><br>
<tt><a href="https://your.url.tld/pickup.php" target="_blank">https://your.url.tld/pickup.php</a></tt><br>
<tt>Issue Detail</tt><br>
<tt>The emailAddr parameter was submitted with the value "--><script>prompt(12345)</script>lNYCi<!--, and the string was echoed verbatim in the output, showing that there is a reflected XSS vulnerability.</tt><br>
<br>
<tt><a href="https://your.url.tld/pickup.php" target="_blank">https://your.url.tld/pickup.php</a></tt><br>
<tt>Issue Detail</tt><br>
<tt>The auth parameter was submitted with the value "--><script>prompt(12345)</script>HyNzQ<!--, and the string was echoed verbatim in the output, showing that there is a reflected XSS vulnerability.</tt><br>
<br>
<tt><a href="https://your.url.tld/pickup.php" target="_blank">https://your.url.tld/pickup.php</a></tt><br>
<tt>Issue Detail</tt><br>
<tt>The emailAddr parameter was submitted with the value "--><script>prompt(12345)</script>x7RXs<!--, and the string was echoed verbatim in the output, showing that there is a reflected XSS vulnerability.</tt><br>
<br>
<tt><a href="https://your.url.tld/pickup.php" target="_blank">https://your.url.tld/pickup.php</a></tt><br>
<tt>Issue Detail</tt><br>
<tt>The auth parameter was submitted with the value "--><script>prompt(12345)</script>WqYcq<!--, and the string was echoed verbatim in the output, showing that there is a reflected XSS vulnerability.</tt><br>
<br>
<tt>HTML-Injection</tt><br>
<tt>==============</tt><br>
<tt><a href="https://your.url.tld/pickup.php" target="_blank">https://your.url.tld/pickup.php</a></tt><br>
<tt>Issue Detail</tt><br>
<tt>The emailAddr parameter was submitted with the value <h1>tjkgr</h1>, and this value was echoed back verbatim in the resulting page.</tt><br>
<br>
<tt><a href="https://your.url.tld/pickup.php" target="_blank">https://your.url.tld/pickup.php</a></tt><br>
<tt>Issue Detail</tt><br>
<tt>The auth parameter was submitted with the value <h1>xt90x</h1>, and this value was echoed back verbatim in the resulting page.</tt><br>
<br>
<tt><a href="https://your.url.tld/pickup.php" target="_blank">https://your.url.tld/pickup.php</a></tt><br>
<tt>Issue Detail</tt><br>
<tt>The emailAddr parameter was submitted with the value <h1>zrjja</h1>, and this value was echoed back verbatim in the resulting page.</tt><br>
<tt>View Full HTTP Request and Response</tt><br>
<br>
<tt><a href="https://your.url.tld/pickup.php" target="_blank">https://your.url.tld/pickup.php</a></tt><br>
<tt>Issue Detail</tt><br>
<tt>The auth parameter was submitted with the value <h1>anhxx</h1>, and this value was echoed back verbatim in the resulting page.</tt><br>
<br>
<tt>Kind regards</tt><br>
<br>
<tt>PCFreak</tt><br>
<br>
<br>
<br>
<br>
</span><u></u><u></u></p>
<div>
<p class="MsoNormal">On 01.03.2016 20:14, Chris Venter wrote:<u></u><u></u></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt">Hi <u></u><u></u></p>
</div>
<p class="MsoNormal">Our security audit has highlighted a possible reflected cross site scripting error on the pickup.php page,to test we ran
<br>
<br>
<a href="https://server_name/pickup/php?emailAddr=test" target="_blank">https://server_name/pickup/php?emailAddr=test</a>" /><script>alert('XSS Test')</script><u></u><u></u></p>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt">Can anyone else confirm if this is an issue?<u></u><u></u></p>
</div>
<p class="MsoNormal">Thanks<u></u><u></u></p>
</div>
<p class="MsoNormal">CJ<u></u><u></u></p>
</div>
<p class="MsoNormal"><br>
<br>
<br>
<u></u><u></u></p>
<pre>_______________________________________________<u></u><u></u></pre>
<pre>ZendTo mailing list<u></u><u></u></pre>
<pre><a href="mailto:ZendTo@zend.to" target="_blank">ZendTo@zend.to</a><u></u><u></u></pre>
<pre><a href="http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto" target="_blank">http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto</a><u></u><u></u></pre>
</blockquote>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div>
<br><br>---------- Forwarded message ----------<br>From: Karl Bundy <<a href="mailto:karl.bundy@aldentorch.com">karl.bundy@aldentorch.com</a>><br>To: ZendTo Users <<a href="mailto:zendto@zend.to">zendto@zend.to</a>><br>Cc: <br>Date: Wed, 2 Mar 2016 15:29:32 +0000<br>Subject: Re: [ZendTo] XSS<br>
<div bgcolor="white" link="blue" vlink="purple" lang="EN-US">
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">I forgot to mention that this was based on the code for version 4.12<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">--- Karl Bundy<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<div>
<div style="border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext"> Karl Bundy
<br>
<b>Sent:</b> Wednesday, March 02, 2016 8:28 AM<br>
<b>To:</b> <a href="mailto:zendto@zend.to" target="_blank">zendto@zend.to</a><br>
<b>Subject:</b> RE: [ZendTo] XSS<u></u><u></u></span></p>
</div>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Hi everyone,<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">It appears that the issue is due to the fact that the email querystring variable is not being sanitized before being used. I am not a skilled programmer, but
I was able to make this simple change to the pickup.php file and it appears to have resolved this XSS issue. Please use this at your own risk, as it appears to work for me, but your mileage may vary ;)<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">In the pickup.php file change this line:<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">$emailAddr = isset($_POST['emailAddr'])?$_POST['emailAddr']:(isset($_GET['emailAddr'])?$_GET['emailAddr']:NULL);<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">to this:<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">$emailAddr = str_replace('"','',isset($_POST['emailAddr'])?$_POST['emailAddr']:(isset($_GET['emailAddr'])?$_GET['emailAddr']:NULL));<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Save the file, and then test again.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">---Karl Bundy<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<div>
<div style="border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">
<a href="mailto:zendto-bounces@zend.to" target="_blank">zendto-bounces@zend.to</a> [<a href="mailto:zendto-bounces@zend.to" target="_blank">mailto:zendto-bounces@zend.to</a>]
<b>On Behalf Of </b>Der PCFreak<br>
<b>Sent:</b> Wednesday, March 02, 2016 6:10 AM<br>
<b>To:</b> <a href="mailto:zendto@zend.to" target="_blank">zendto@zend.to</a><br>
<b>Subject:</b> Re: [ZendTo] XSS<u></u><u></u></span></p>
</div>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><tt><span style="font-size:10.0pt">Hi,</span></tt><span style="font-size:10.0pt;font-family:"Courier New""><br>
<br>
<tt>Barracuda offers their "Barracuda Vulnerability Manager" for free at the moment and I tested it.</tt><br>
<tt><a href="https://bvm.barracudanetworks.com/" target="_blank">https://bvm.barracudanetworks.com/</a></tt><br>
<br>
<br>
<tt>Here some of the results pointed at my ZendTo installation:</tt><br>
<br>
<br>
<tt>Reflected Cross-Site Scripting</tt><br>
<tt>==============================</tt><br>
<tt><a href="https://your.url.tld/pickup.php" target="_blank">https://your.url.tld/pickup.php</a></tt><br>
<tt>Issue Detail</tt><br>
<tt>The emailAddr parameter was submitted with the value "--><script>prompt(12345)</script>lNYCi<!--, and the string was echoed verbatim in the output, showing that there is a reflected XSS vulnerability.</tt><br>
<br>
<tt><a href="https://your.url.tld/pickup.php" target="_blank">https://your.url.tld/pickup.php</a></tt><br>
<tt>Issue Detail</tt><br>
<tt>The auth parameter was submitted with the value "--><script>prompt(12345)</script>HyNzQ<!--, and the string was echoed verbatim in the output, showing that there is a reflected XSS vulnerability.</tt><br>
<br>
<tt><a href="https://your.url.tld/pickup.php" target="_blank">https://your.url.tld/pickup.php</a></tt><br>
<tt>Issue Detail</tt><br>
<tt>The emailAddr parameter was submitted with the value "--><script>prompt(12345)</script>x7RXs<!--, and the string was echoed verbatim in the output, showing that there is a reflected XSS vulnerability.</tt><br>
<br>
<tt><a href="https://your.url.tld/pickup.php" target="_blank">https://your.url.tld/pickup.php</a></tt><br>
<tt>Issue Detail</tt><br>
<tt>The auth parameter was submitted with the value "--><script>prompt(12345)</script>WqYcq<!--, and the string was echoed verbatim in the output, showing that there is a reflected XSS vulnerability.</tt><br>
<br>
<tt>HTML-Injection</tt><br>
<tt>==============</tt><br>
<tt><a href="https://your.url.tld/pickup.php" target="_blank">https://your.url.tld/pickup.php</a></tt><br>
<tt>Issue Detail</tt><br>
<tt>The emailAddr parameter was submitted with the value <h1>tjkgr</h1>, and this value was echoed back verbatim in the resulting page.</tt><br>
<br>
<tt><a href="https://your.url.tld/pickup.php" target="_blank">https://your.url.tld/pickup.php</a></tt><br>
<tt>Issue Detail</tt><br>
<tt>The auth parameter was submitted with the value <h1>xt90x</h1>, and this value was echoed back verbatim in the resulting page.</tt><br>
<br>
<tt><a href="https://your.url.tld/pickup.php" target="_blank">https://your.url.tld/pickup.php</a></tt><br>
<tt>Issue Detail</tt><br>
<tt>The emailAddr parameter was submitted with the value <h1>zrjja</h1>, and this value was echoed back verbatim in the resulting page.</tt><br>
<tt>View Full HTTP Request and Response</tt><br>
<br>
<tt><a href="https://your.url.tld/pickup.php" target="_blank">https://your.url.tld/pickup.php</a></tt><br>
<tt>Issue Detail</tt><br>
<tt>The auth parameter was submitted with the value <h1>anhxx</h1>, and this value was echoed back verbatim in the resulting page.</tt><br>
<br>
<tt>Kind regards</tt><br>
<br>
<tt>PCFreak</tt><br>
<br>
<br>
<br>
</span><u></u><u></u></p>
<div>
<p class="MsoNormal">On 01.03.2016 20:14, Chris Venter wrote:<u></u><u></u></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt">Hi <u></u><u></u></p>
</div>
<p class="MsoNormal">Our security audit has highlighted a possible reflected cross site scripting error on the pickup.php page,to test we ran
<br>
<br>
<a href="https://server_name/pickup/php?emailAddr=test" target="_blank">https://server_name/pickup/php?emailAddr=test</a>" /><script>alert('XSS Test')</script><u></u><u></u></p>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt">Can anyone else confirm if this is an issue?<u></u><u></u></p>
</div>
<p class="MsoNormal">Thanks<u></u><u></u></p>
</div>
<p class="MsoNormal">CJ<u></u><u></u></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
<br>
<u></u><u></u></p>
<pre>_______________________________________________<u></u><u></u></pre>
<pre>ZendTo mailing list<u></u><u></u></pre>
<pre><a href="mailto:ZendTo@zend.to" target="_blank">ZendTo@zend.to</a><u></u><u></u></pre>
<pre><a href="http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto" target="_blank">http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto</a><u></u><u></u></pre>
</blockquote>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div>
<br>_______________________________________________<br>
ZendTo mailing list<br>
<a href="mailto:ZendTo@zend.to">ZendTo@zend.to</a><br>
<a href="http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto" rel="noreferrer" target="_blank">http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto</a><br></blockquote></div><br></div>