[23975] in bugtraq
Cross-Site Scripting Vuln...
daemon@ATHENA.MIT.EDU (InterWN Labs)
Thu Jan 24 16:20:41 2002
Date: 24 Jan 2002 13:01:03 -0000
Message-ID: <20020124130103.10682.qmail@mail.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: InterWN Labs <interwn@interwn.nl>
To: bugtraq@securityfocus.com
Hello All.
This is ANOTHER css vuln that has been found
in web-based e-mail sites. Its not some high
profile site but its vulnerable none the less.
I have an email address at www.iraqmail.com and
it is possible to embed any amount of code into
the body of the page.
There are 2 things you need to do first. The first
thing you must do is register an account at
www.iraqmail.com Secondly you must send an
email to anyone. In the body of the page after the
mail has been sent it should say:
Your message has been submitted
If you look in the address space there should be
a url along the lines of:
http://www.iraqmail.com/Account/Mailbox/INBOX.h
tml?
Info=Your+message+has+been+submitted&SID=
131832-Pv5fIj5GobKp6ipfPks6&
You simply
replace "Your+message+has+been+submitted"
with any code and it will appear in the source of
the page.
http://www.iraqmail.com/Account/Mailbox/INBOX.h
tml?Info=<script>alert('InterWN Labs')
</script>&SID=131832-Pv5fIj5GobKp6ipfPks6&
That will pop up an alert box with the name of our
security group. Im sure someone could find some
far more clever ways to exploit this.
Thats it. Thanx.
--philer
www.interwn.nl
www.ugcia.net
