Hackernetwork Mail suffers from XSS in the search parameter.
2de18c0a41e43b0b6a8216b1e4771d262c88e0aee3f573c66e3d64964bf21e62
New Xss Hackernetwork Mail Vulnerability
Hackernetwork Mail Xss[Search] Vulnerability
ENGLISH
#Title : Hackernetwork Mail Xss[Search] Vulnerability
#Author: ajann
Example;
http://hackernetwork.mail.everyone.net/email/scripts/contacts.pl?goToMenu=&EV1=11481394101759371&ab_to=&deleteFlag=&pageNumber=0&matchString=XSS(Url Encode)&matchField=firstName&sortOrder=asc&&addrBook=personal&search_matchField=firstName
TURKISH
#Title : Hackernetwork Mail Xss[Search] Vulnerability
#Author: ajann
Örnek;
http://hackernetwork.mail.everyone.net/email/scripts/contacts.pl?goToMenu=&EV1=11481394101759371&ab_to=&deleteFlag=&pageNumber=0&matchString=XSS KODUNUZ&matchField=firstName&sortOrder=asc&&addrBook=personal&search_matchField=firstName
Açıklama:
Adres defterinde bulunan filtreleme eksikliği nedeniyle ararken xss yedirilebilmektedir.
Bir loglama scripti yazarak şifre ve kullanıcı adını encodesiz ele geçirebilirsiniz.