List: bugtraq
Subject: I have discovered small xss error in open webmail 2.41
From: s3cure () poczta ! fm
Date: 2005-09-03 16:07:03
Message-ID: 20050903160703.19548.qmail () securityfocus ! com
Discovered by s3cure
Risk: small
When we are logged in to an account we see:
http://site.site/cgi-bin/openwebmail/openwebmail-main.pl?sessionid=yourlogin*-session-0.274744641575129&action=listmessages_afterlogin
Now we can do a small XSS:
http://site.site/cgi-bin/openwebmail/openwebmail-main.pl?sessionid=yourlogin*-session-here \
xss&action=listmessages_afterlogin
Of course we can do lots of other things but ... It's now your job.
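
Added example, not part of the original post and not Open WebMail code: a defender-side check for the sessionid parameter described above, which allowlists the value's shape and HTML-escapes it before any page echoes it back. The pattern is an assumption inferred only from the single example URL in the post; the function names and sample requests are constructed for illustration.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

# Assumed shape, inferred only from the one example URL in the post:
#   <login>*<optional domain>-session-<decimal fraction>
SESSIONID_RE = re.compile(r"[A-Za-z0-9._@-]+\*[A-Za-z0-9.-]*-session-0\.[0-9]+")

def sessionid_ok(value):
    """True only if the whole value matches the allowlisted shape."""
    return SESSIONID_RE.fullmatch(value) is not None

def triage(request_uri):
    """Classify one logged request URI for openwebmail-main.pl.

    Returns (verdict, safe_value). safe_value is the HTML-escaped sessionid,
    i.e. what a page may echo back without the browser parsing it as markup.
    """
    parts = urlsplit(request_uri)
    if not parts.path.endswith("/openwebmail-main.pl"):
        return ("ignored", "")
    values = parse_qs(parts.query, keep_blank_values=True).get("sessionid", [])
    if len(values) != 1:
        return ("rejected", "")  # missing or repeated parameter
    raw = values[0]  # parse_qs has already percent-decoded the value
    verdict = "ok" if sessionid_ok(raw) else "rejected"
    return (verdict, html.escape(raw, quote=True))

# Constructed sample requests (not taken from real logs).
SAMPLES = [
    "/cgi-bin/openwebmail/openwebmail-main.pl"
    "?sessionid=alice*-session-0.274744641575129&action=listmessages_afterlogin",
    "/cgi-bin/openwebmail/openwebmail-main.pl"
    "?sessionid=alice*-session-%3Cb%3Emarkup%3C%2Fb%3E&action=listmessages_afterlogin",
    "/cgi-bin/openwebmail/openwebmail-main.pl?action=listmessages_afterlogin",
]

if __name__ == "__main__":
    for uri in SAMPLES:
        print(triage(uri))
```

The same function can be run over the request column of a web server access log to flag requests whose sessionid does not fit the expected shape.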