WebApp Sec mailing list archives
Webmail Service vulnerabilities
From: Dimitri Borjac <dimooo () gmail com>
Date: Tue, 4 Jan 2005 14:26:48 +0100
Hi folks!

I'm trying to list the different vulnerabilities a classical Webmail service could present. I didn't find any specific documentation regarding this particular type of service, but some flaws common to multiple webapps could theoretically affect it. Among them I have listed so far: XSS and XST (script and form injection), CSRF, session hijacking (based on cookies, session ids, ...), any kind of parameter manipulation.

Has any of you already performed an audit of such a service? Or, based on your experience with webapp security, do you see any other vuln this service could present?

Thanks a lot for your suggestions or recommendations!

-dimo
Current thread:
- Webmail Service vulnerabilities Dimitri Borjac (Jan 04)
- Re: Webmail Service vulnerabilities Moritz Naumann (Jan 06)
- Re: Webmail Service vulnerabilities Tim Brown (Jan 06)
- <Possible follow-ups>
- RE: Webmail Service vulnerabilities Scovetta, Michael V (Jan 06)