[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Permanent XSS on the nuit du hack webmail service

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Permanent XSS on the nuit du hack webmail service
From: klondike <klondike@xxxxxxxxxxxx>
Date: Sat, 24 Mar 2012 05:27:20 +0100

So I was bored with the nuit du hack prequals and decided to test a bit
the e-mail service.

The guys have a cool XSS injection on the fake webmail service which can
be exploited with a properly crafted subject (i.e.
<script>alert('Hello!');</script> ). I thought the guys behind nuit du
hack were a bit more serious than this...

klondike

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Oracle based personal data dumping attack on the nuit du hack CTF
  - From: klondike

Prev by Date: Re: [Full-disclosure] Apple IOS security issue pre-advisory record
Next by Date: Re: [Full-disclosure] Oracle based personal data dumping attack on the nuit du hack CTF
Previous by thread: [Full-disclosure] [ MDVSA-2012:037 ] cyrus-imapd
Next by thread: Re: [Full-disclosure] Oracle based personal data dumping attack on the nuit du hack CTF
Index(es):
- Date
- Thread