openXSS.txt

openXSS.txt: Posted Sep 7, 2005; Authored by s3cure; Open Webmail 2.41 is susceptible to cross site scripting attacks.; tags | exploit, xss; SHA-256 | 93ea05d29c12a308bbb9e008504aac101b3c0d0d4be430fd8246c908adafe22a; Download | Favorite | View

openXSS.txt

Discovered by s3cure

Risk: small

When we are logged on account we see:

http://site.site/cgi-bin/openwebmail/openwebmail-main.pl?sessionid=yourlogin*-session-0.274744641575129&action=listmessages_afterlogin

Now we can do small xss:

http://site.site/cgi-bin/openwebmail/openwebmail-main.pl?sessionid=yourlogin*-session-here xss&action=listmessages_afterlogin

Ofcourse we can do a lots of other things but ... It's now your job.

Top Authors In Last 30 Days

Red Hat 229 files
indoushka 167 files
Jay Turla 150 files
Ubuntu 67 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,114)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,124)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (389)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,237)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (16,845)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,852)
UNIX (9,456)
UnixWare (188)
Windows (6,772)
Other

openXSS.txt

openXSS.txt

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

openXSS.txt

Share This

openXSS.txt

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems