
[Repost] SqWebMail Conditional Comments Script Insertion Vulnerability


Source: secunia.com

Summary
Secunia Research has discovered a vulnerability in SqWebMail, which can be exploited by malicious people to conduct script insertion attacks.

Credit:
The information has been provided by Secunia Research.
The original article can be found at: http://secunia.com/secunia_research/2005-44/advisory/

Details
Vulnerable Systems:
* SqWebMail version 5.0.4

The vulnerability is caused due to SqWebMail allowing usage of e.g. the "<script>" tag within an HTML comment. This, combined with "Conditional Comments" in Internet Explorer, can be exploited to execute arbitrary script code in a user's browser session in context of a vulnerable site when a malicious email is viewed.

Successful exploitation requires that the user is using Internet Explorer.

Example in an HTML email:
<!--[if IE]>
<script>alert("Vulnerable!");</script>
<![endif]-->

Solution:
The vendor has issued an updated version of SqWebMail, which fixes this vulnerability: http://www.courier-mta.org/?download.php.

Disclosure Timeline:
05/09/2005 - Initial vendor notification
05/09/2005 - Vendor confirms vulnerability and releases a fix
06/09/2005 - Public disclosure
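The filtering gap described in the advisory, as an added example that is not SqWebMail's code or part of the original post: a small allow-list HTML filter that either copies comments through unfiltered (the weak behaviour) or never emits them (the hardened behaviour). The names `MailFilter`, `sanitize`, `ALLOWED_TAGS` and `DROP_CONTENT` are hypothetical, and the sample input is constructed from the email body quoted above.

```python
from html import escape
from html.parser import HTMLParser

# Constructed sample: the conditional-comment email body quoted in the advisory.
SAMPLE = (
    '<p>Hi</p><!--[if IE]>\n<script>alert("Vulnerable!");</script>\n'
    '<![endif]--><p>Bye</p>'
)
ALLOWED_TAGS = {"p", "b", "i"}      # hypothetical allow-list for this demo
DROP_CONTENT = {"script", "style"}  # elements whose content is discarded too


class MailFilter(HTMLParser):
    """Allow-list HTML filter; keep_comments=True models the weak behaviour."""

    def __init__(self, keep_comments):
        super().__init__(convert_charrefs=True)
        self.keep_comments = keep_comments
        self.out = []
        self.skip_depth = 0  # >0 while inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip_depth += 1
        elif tag in ALLOWED_TAGS and not self.skip_depth:
            self.out.append(f"<{tag}>")  # attributes are dropped entirely

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif tag in ALLOWED_TAGS and not self.skip_depth:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data))

    def handle_comment(self, data):
        # Weak: comment body is copied through unfiltered, so markup inside it
        # reaches a browser that parses conditional comments. Hardened: dropped.
        if self.keep_comments and not self.skip_depth:
            self.out.append(f"<!--{data}-->")


def sanitize(html_text, keep_comments=False):
    f = MailFilter(keep_comments)
    f.feed(html_text)
    f.close()
    return "".join(f.out)
```

With `keep_comments=True` the `<script>` element survives inside the comment even though the filter removes script elements everywhere else, which is the condition the advisory describes.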
