[40170] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

I have discovered small xss error in open webmail 2.41

daemon@ATHENA.MIT.EDU (s3cure@poczta.fm)
Tue Sep 6 16:39:31 2005

Date: 3 Sep 2005 16:07:03 -0000
Message-ID: <20050903160703.19548.qmail@securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: s3cure@poczta.fm
To: bugtraq@securityfocus.com

Discovered by s3cure

Risk: small

When we are logged on account we see:

http://site.site/cgi-bin/openwebmail/openwebmail-main.pl?sessionid=yourlogin*-session-0.274744641575129&action=listmessages_afterlogin

Now we can do small xss:

http://site.site/cgi-bin/openwebmail/openwebmail-main.pl?sessionid=yourlogin*-session-here xss&action=listmessages_afterlogin

Ofcourse we can do a lots of other things but ... It's now your job.


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[40170] in bugtraq

I have discovered small xss error in open webmail 2.41

daemon@ATHENA.MIT.EDU (s3cure@poczta.fm)Tue Sep 6 16:39:31 2005

daemon@ATHENA.MIT.EDU (s3cure@poczta.fm)
Tue Sep 6 16:39:31 2005