Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Hackernetwork Mail Xss[Search] Vulnerability

From: ajannhwt () hotmail com
Date: 23 May 2006 07:03:13 -0000
New Xss Hackernetwork Mail Vulnerability

Hackernetwork Mail Xss[Search] Vulnerability

ENGLISH

#Title : Hackernetwork Mail Xss[Search] Vulnerability

#Author: ajann

Example;

http://hackernetwork.mail.everyone.net/email/scripts/contacts.pl?goToMenu=&EV1=11481394101759371&ab_to=&deleteFlag=&pageNumber=0&matchString=XSS(Url
 Encode)&matchField=firstName&sortOrder=asc&&addrBook=personal&search_matchField=firstName

TURKISH

#Title : Hackernetwork Mail Xss[Search] Vulnerability

#Author: ajann

Örnek;

http://hackernetwork.mail.everyone.net/email/scripts/contacts.pl?goToMenu=&EV1=11481394101759371&ab_to=&deleteFlag=&pageNumber=0&matchString=XSS
 KODUNUZ&matchField=firstName&sortOrder=asc&&addrBook=personal&search_matchField=firstName

Açıklama:

Adres defterinde bulunan filtreleme eksikliği nedeniyle ararken xss yedirilebilmektedir.
Bir loglama scripti yazarak şifre ve kullanıcı adını encodesiz ele geçirebilirsiniz.
Previous By Date Next
Previous By Thread Next

Current thread: