Tempinbox.comJun 10 2006 07:54AM luny youfucktard com
Tempinbox.com
Homepage:
http://www.tempinbox.com
Effected files:
checkmail.pl
Description:
Tempinbox.com is a free throw away, no sending email service. You enter an account name and you can instantly check email.
XSS Vulnerability:
It seems the title of emails and subjects are not sanatized, so if a user was to put <IMG SRC=javascript:alert('XSS')> as a title or subject of aemail, and then someone went to view it, an XSS attack could occur.
Homepage:
http://www.tempinbox.com
Effected files:
checkmail.pl
Description:
Tempinbox.com is a free throw away, no sending email service. You enter an account name and you can instantly check email.
XSS Vulnerability:
It seems the title of emails and subjects are not sanatized, so if a user was to put <IMG SRC=javascript:alert('XSS')> as a title or subject of aemail, and then someone went to view it, an XSS attack could occur.
[ reply ]