mailman -- content spoofing with invalid list names in web UI
Mark Sapiro reports:
A URL with a very long text listname such as
will echo the text in the "No such list" error response. This can be used to make a potential victim think the phishing text comes from a trusted site.
This issue was discovered by Hammad Qureshi.
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright