atmail-xss.txt

atmail-xss.txt: Posted Feb 14, 2007; Authored by Lostmon | Site lostmon.blogspot.com; @Mail suffers from cross site scripting flaws in search.pl.; tags | exploit, xss; SHA-256 | cdf13de4e84068e74d685d8467c21e617c726c0f6d643e8f86bb79615577b91d; Download | Favorite | View

atmail-xss.txt

#########################################################
@Mail Search.pl keywords variable cross-site scripting
vendor url:http://www.atmail.com
Advisory:http://lostmon.blogspot.com/2007/02/
mail-searchpl-keywords-variable-cross.html
vendor notify:yes exploit available: yes
#########################################################


@Mail is a feature rich Email solution that allows users to access
email-resources via the web or a variety of wireless devices. The
software incorporates a complete email-server package to manage
and host user email at your domain(s)


@Mail contains a flaw that allows a remote cross site scripting
attack.This flaw exists because the application does not validate
user input in search form in html/[languaje folder]/help/search.html
upon submision to search.pl script the keywords variable are afected
by this flaw uopn submision to search.pl script too.This could
allow a user to create a specially crafted URL that would execute
arbitrary code in a user's browser within the trust relationship
between the browser and the server, leading to a loss of integrity.


#############
versions
#############
All of this versions Are vulnerables:

@mail 4.61
@mail 4.6
@mail 4.51
@Mail 4.03 WebMail for Windows
@Mail 4.11 - Linux / FreeBSD / Solaris / HP-UX / OS-X /

it is also posible other versions are vulnerable.

#################
solution
#################

no solution was available at this time !!!

#################
Timeline
#################

Discovered:02-07-2005
vendor notify:11-02-2007
vendor response:--------
disclosure: 13-02-2007


###############
Examples
###############

go to :

http://localhost/parse.pl?file=html/english/help/search.html

and insert in the search form this script:

"><script>alert(document.forms.keywords)</script>

or exploit directly to search.pl

http://localhost/search.pl?func=searchhelp&keywords=
"><script>alert(document.forms.keywords)</script>&Submit2=Search

######################## €nd ##########################

Thnx to estrella to be my ligth

atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon/ (new)
--
La curiosidad es lo que hace mover la mente....

Top Authors In Last 30 Days

Red Hat 306 files
indoushka 132 files
Ubuntu 94 files
Gentoo 32 files
Debian 24 files
LiquidWorm 18 files
malvuln 8 files
Google Security Research 8 files
verylazytech 3 files
Seth Jenkins 3 files

File Archives

Systems

AIX (430)
Apple (2,117)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,144)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,599)
HPUX (881)
iOS (391)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,627)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,101)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,931)
UNIX (9,469)
UnixWare (188)
Windows (6,784)
Other

atmail-xss.txt

atmail-xss.txt

File Archive:

October 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

atmail-xss.txt

Share This

atmail-xss.txt

File Archive:

October 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems