Bugtraq mailing list archives

Hosting.com Cross Site Scripting


From: "E M" <rdnktrk () hotmail com>
Date: Mon, 17 Dec 2001 16:56:22 -0800

Issue -

Most variables passed to the webmail script used by hosting.com (formerly CTSNet) execute script with local server context.


URL  : webmail.cts.com

Example :

http://webmail.cts.com/webmail.cgi?_ID=<SCRIPT>document.write("All%20Your%20Webmail%20is%20Belong%20to%20Us");</SCRIPT>


Vendor Status : Contacted 12.13.01 - Only automated reply.

Eric McCarty
rdnktrk () hotmail com
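
Added example, not part of the original post and not hosting.com's code: the reflection described above next to an output-encoded and validated form, run against the URL from the report. The page template, the function names and the identifier pattern are assumptions, since the advisory does not show how webmail.cgi builds its response.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# URL taken from the advisory; used here only as test input.
SAMPLE_URL = ('http://webmail.cts.com/webmail.cgi?_ID=<SCRIPT>document.write'
              '("All%20Your%20Webmail%20is%20Belong%20to%20Us");</SCRIPT>')

# Assumption: a legitimate _ID is a short alphanumeric token. The real
# format used by webmail.cgi is not given in the advisory.
ID_PATTERN = re.compile(r"[A-Za-z0-9_-]{1,64}")


def get_param(url, name):
    """Return the first URL-decoded value of a query parameter, or ''."""
    values = parse_qs(urlsplit(url).query, keep_blank_values=True).get(name)
    return values[0] if values else ""


def render_raw(value):
    """'Before' form: the parameter is copied into the page unchanged."""
    return "<p>Session: " + value + "</p>"  # hypothetical template


def render_encoded(value):
    """Output encoding: markup characters become inert HTML entities."""
    return "<p>Session: " + html.escape(value, quote=True) + "</p>"


def render_hardened(value):
    """Allowlist validation first, output encoding second."""
    if not ID_PATTERN.fullmatch(value):
        value = ""  # discard anything that is not a plausible identifier
    return render_encoded(value)


if __name__ == "__main__":
    reflected = get_param(SAMPLE_URL, "_ID")
    for render in (render_raw, render_encoded, render_hardened):
        print(f"{render.__name__:16} {render(reflected)}")
```

Encoding has to be applied to every reflected variable, since the report says most of them are affected, not only `_ID`.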




