[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    I have discovered small xss error in open webmail 2.41
From:       s3cure () poczta ! fm
Date:       2005-09-03 16:07:03
Message-ID: 20050903160703.19548.qmail () securityfocus ! com
[Download RAW message or body]

Discovered by s3cure

Risk: small

When we are logged on account we see:

http://site.site/cgi-bin/openwebmail/openwebmail-main.pl?sessionid=yourlogin*-session-0.274744641575129&action=listmessages_afterlogin


Now we can do small xss:

http://site.site/cgi-bin/openwebmail/openwebmail-main.pl?sessionid=yourlogin*-session-here \
xss&action=listmessages_afterlogin

Ofcourse we can do a lots of other things but ... It's now your job.


[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic