exploit-db-mirror/exploits/asp/webapps/22730.txt
Offensive Security d304cc3d3e DB: 2017-11-24
116602 new exploits

Too many to list!
2017-11-24 20:56:23 +00:00

7 lines
No EOL
574 B
Text

source: http://www.securityfocus.com/bid/7813/info
Mailtraq is vulnerable to cross-site scripting attacks. The vulnerability exists due to insufficient sanitization of HTTP requests to the vulnerable Mailtraq server.
An attacker can exploit this vulnerability by manipulating the 'cfolder' URI parameter to the browse.asp script and sending a link to a victim user. If this link is visited, the attacker-supplied code may be rendered in the browser of the user who visit the malicious link.
http://www.example.org/browse.asp?<script>alert(document.cookie)</script>