lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri Feb 3 05:41:41 2006 From: simo at morx.org (simo@...x.org) Subject: Outblaze Cross Site Scripting Vulnerability Title: outblaze Cross Site Scripting Author: Simo Ben youssef aka _6mO_HaCk <simo_at_morx_org> Discovered: 23 january 2005 Published: 02 february 2006 MorX Security Research Team http://www.morx.org Service: Webmail manager Vendor: outblaze / www.outblaze.com Vulnerability: Cross Site Scripting / Cookie-Theft / Relogin attacks Severity: Medium/High Details: With over 40 million mailboxes under Outblaze management, Outblaze provided enhanced messaging services to telcos, service providers, VARs, Carriers and Corporations on an outsoucing basis, The core product is an advanced email system with several available ancillary services. throw.main outblaze script is prone to cross-site scripting attacks. This problem is due to a failure in the application to properly sanitize user-supplied input. input can be passed in variable $file Impact: an attacker can exploit the vulnerable scripts to have arbitrary script code executed in the browser of an authentified outblaze user in the context of the vulnerable website. resulting in the theft of cookie-based authentication giving the attacker full access to the victim's email account as well as other type of attacks. Affected script with proof of concept exploit: /scripts/common/throw.main?file=<BODY%20ONLOAD=alert('vul')> Examples: http://mymail.linuxmail.org/scripts/common/throw.main?file=<BODY%20ONLOAD=alert('vul')> http://www.hackermail.com/scripts/common/throw.main?file=<BODY%20ONLOAD=alert('vul')> http://mymail.operamail.com/scripts/common/throw.main?file=<BODY%20ONLOAD=alert('vul')> http://mail01.mail.com/scripts/common/throw.main?file=<BODY%20ONLOAD=alert('vul')> http://super.japan.com/scripts/common/throw.main?file=<BODY%20ONLOAD=alert('vul')> screen capture: http://www.morx.org/mailXSS.jpg Disclaimer: this entire document is for eductional, testing and demonstrating purpose only. Modification use and/or publishing this information is entirely on your OWN risk. The information provided in this advisory is to be used/tested on your OWN machine/Account. I cannot be held responsible for any of the above.
Powered by blists - more mailing lists