BugTraq
Back to list
|
Post reply
I have discovered small xss error in open webmail 2.41
Sep 03 2005 04:07PM
s3cure poczta fm
Discovered by s3cure
Risk: small
When we are logged on account we see:
http://site.site/cgi-bin/openwebmail/openwebmail-main.pl?sessionid=yourl
ogin*-session-0.274744641575129&action=listmessages_afterlogin
Now we can do small xss:
http://site.site/cgi-bin/openwebmail/openwebmail-main.pl?sessionid=yourl
ogin*-session-here xss&action=listmessages_afterlogin
Ofcourse we can do a lots of other things but ... It's now your job.
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
Risk: small
When we are logged on account we see:
http://site.site/cgi-bin/openwebmail/openwebmail-main.pl?sessionid=yourl
ogin*-session-0.274744641575129&action=listmessages_afterlogin
Now we can do small xss:
http://site.site/cgi-bin/openwebmail/openwebmail-main.pl?sessionid=yourl
ogin*-session-here xss&action=listmessages_afterlogin
Ofcourse we can do a lots of other things but ... It's now your job.
[ reply ]