[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

I have discovered small xss error in open webmail 2.41

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: I have discovered small xss error in open webmail 2.41
From: s3cure@xxxxxxxxx
Date: 3 Sep 2005 16:07:03 -0000

Discovered by s3cure

Risk: small

When we are logged on account we see:

http://site.site/cgi-bin/openwebmail/openwebmail-main.pl?sessionid=yourlogin*-session-0.274744641575129&action=listmessages_afterlogin

Now we can do small xss:

http://site.site/cgi-bin/openwebmail/openwebmail-main.pl?sessionid=yourlogin*-session-here
 xss&action=listmessages_afterlogin

Ofcourse we can do a lots of other things but ... It's now your job.

Prev by Date: [NOBYTES.COM: #11] MidiCart ASP Shopping Cart, Evaluation Version 7 & Standard & Pro - Multiple Vulnerabilities
Next by Date: IIS 5.1 allows for remote viewing of source code on FAT/FAT32 volumes using WebDAV
Previous by thread: Re: [NOBYTES.COM: #11] MidiCart ASP Shopping Cart, Evaluation Version 7 & Standard & Pro - Multiple Vulnerabilities
Next by thread: IIS 5.1 allows for remote viewing of source code on FAT/FAT32 volumes using WebDAV
Index(es):
- Date
- Thread