lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20060523070313.26597.qmail@securityfocus.com> Date: 23 May 2006 07:03:13 -0000 From: ajannhwt@...mail.com To: bugtraq@...urityfocus.com Subject: Hackernetwork Mail Xss[Search] Vulnerability New Xss Hackernetwork Mail Vulnerability Hackernetwork Mail Xss[Search] Vulnerability ENGLISH #Title : Hackernetwork Mail Xss[Search] Vulnerability #Author: ajann Example; http://hackernetwork.mail.everyone.net/email/scripts/contacts.pl?goToMenu=&EV1=11481394101759371&ab_to=&deleteFlag=&pageNumber=0&matchString=XSS(Url Encode)&matchField=firstName&sortOrder=asc&&addrBook=personal&search_matchField=firstName TURKISH #Title : Hackernetwork Mail Xss[Search] Vulnerability #Author: ajann Örnek; http://hackernetwork.mail.everyone.net/email/scripts/contacts.pl?goToMenu=&EV1=11481394101759371&ab_to=&deleteFlag=&pageNumber=0&matchString=XSS KODUNUZ&matchField=firstName&sortOrder=asc&&addrBook=personal&search_matchField=firstName Açıklama: Adres defterinde bulunan filtreleme eksikliği nedeniyle ararken xss yedirilebilmektedir. Bir loglama scripti yazarak şifre ve kullanıcı adını encodesiz ele geçirebilirsiniz.