List: bugtraq
Subject: Reporting Vulnerable Public Web mail
From: ivan.sanchez () nullcode ! com ! ar
Date: 2007-10-05 17:58:04
Message-ID: 1191607084.47067b2cf00ff () www ! nullcode ! com ! ar
Reporting Vulnerable Public Software
Technical Details:
+===========================================================================+
+ MailBee WebMail Pro <=3.4 (XSS) Multiple Remote Vulnerabilities +
+===========================================================================+
Author(s): Ivan Sanchez & Maximiliano Soler
Product: MailBee WebMail Pro 3.4
Web: http://www.afterlogic.com/
Versions: 3.4 (or less)
Date: 05/10/2007
---------------------------------
Not Vulnerable: 4.0 (or superior)
GOOGLE DORKS:
------------
[+] intitle:"MailBee WebMail"
[+] intext:"Powered by MailBee WebMail"
EXPLOIT:
--------
For example...after the variable "mode2" or "mode"
http://www.[DOMAIN].tld/[PATH]/login.php?mode=[XSS]
http://www.[DOMAIN].tld/[PATH]/default.asp?mode=advanced_login&mode2=[XSS]
NULL CODE SERVICES [ www.nullcode.com.ar ] Hunting Security Bugs!
+===========================================================================+
+ MailBee WebMail Pro <=3.4 (XSS) Multiple Remote Vulnerabilities +
+===========================================================================+
Ivan Javier Sanchez
Vulnerability Assessment
Tel-Fax 011-4276-2399
Cel-154879059
www.nullcode.com.ar
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
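
A defender-side check for the two parameters the advisory names, as an added example that is not part of the original message: it scans web server access-log lines for `mode` / `mode2` values on `login.php` and `default.asp` that fall outside an allowlist. The Combined Log Format input, the allowlist pattern and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Scripts and parameters named in the advisory.
WATCHED = {"login.php": {"mode"}, "default.asp": {"mode", "mode2"}}
# Assumption: legitimate values are short identifiers such as "advanced_login".
SAFE_VALUE = re.compile(r"[A-Za-z0-9_]{0,32}")
# Request field of a Combined Log Format line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(log_line):
    """Return (script, parameter, decoded value) for each watched parameter
    whose value falls outside the allowlist."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    target = urlsplit(match.group(1))
    script = target.path.rsplit("/", 1)[-1].lower()
    watched = WATCHED.get(script, set())
    hits = []
    # parse_qsl percent-decodes once; a double-encoded value still contains
    # "%" afterwards, so the allowlist rejects it as well.
    for name, value in parse_qsl(target.query, keep_blank_values=True):
        if name.lower() in watched and not SAFE_VALUE.fullmatch(value):
            hits.append((script, name.lower(), value))
    return hits

# Constructed sample lines (documentation addresses, made-up paths and sizes).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Oct/2007:18:01:02 +0000] "GET /webmail/default.asp?mode=advanced_login HTTP/1.1" 200 5120',
    '192.0.2.44 - - [05/Oct/2007:18:03:11 +0000] "GET /webmail/login.php?mode=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 4876',
    '192.0.2.44 - - [05/Oct/2007:18:03:40 +0000] "GET /webmail/default.asp?mode=advanced_login&mode2=%2522%253E%253Cb%253E HTTP/1.1" 200 5133',
    '192.0.2.10 - - [05/Oct/2007:18:05:09 +0000] "GET /webmail/other.php?mode=%3Cb%3E HTTP/1.1" 404 210',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for script, name, value in suspicious_params(line):
            print(f"review: {script} {name}={value!r}")
```

Parameters submitted in a POST body do not appear in access logs, so this covers only query-string requests such as the ones shown in the advisory.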