SocketMail versions 2.2.1 and below suffer from cross-site scripting vulnerabilities.
+====================================================================+
+ SocketMail <=2.2.1 (XSS) Multiple Remote Vulnerabilities +
+====================================================================+
Author(s): Ivan Sanchez & Maximiliano Soler.
Product: SocketMail.
Description: SocketMail is a powerful, scalable and fully customisable e-mail
solution. Ideal messaging solution for sizes
web site and enterprises.
Web: http://www.socketmail.com/site/home/
Versions: 2.2.1 (or less)
Date: 19/10/2007
GOOGLE DORKS:
------------
[+] intext:"Powered by SocketMail version"
EXPLOIT:
--------
For example, in the "lost_id" parameter:
http://www.[DOMAIN].tld/[PATH]/lostpwd.php?lost_id=[XSS]
NULL CODE SERVICES [ www.nullcode.com.ar ] Hunting Security Bugs!
+====================================================================+
--
Maximiliano Soler.
Reports & Review Code.
Null Code Services.
www.nullcode.com.ar
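
A log check for the issue described above, as an added example that is not part of the original advisory or of SocketMail: it flags requests to lostpwd.php whose "lost_id" value decodes to HTML markup characters. The log format, the /mail/ path, the sample lines and the assumption that a legitimate lost_id never contains markup characters are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: a legitimate lost_id token never contains these characters,
# which are what a value needs to break out of an HTML attribute or element.
MARKUP = re.compile(r"[<>\"'`]")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_lost_id(log_line):
    """Return the decoded lost_id if the request targets lostpwd.php and
    the parameter carries markup characters, otherwise None."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/lostpwd.php"):
        return None
    # parse_qsl already percent-decodes once; fully_decode handles the rest.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name == "lost_id":
            decoded = fully_decode(value)
            if MARKUP.search(decoded):
                return decoded
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged request."""
    return [(n, hit) for n, line in enumerate(lines, 1)
            if (hit := suspicious_lost_id(line)) is not None]

# Constructed sample lines in combined log format, not real traffic.
SAMPLE = [
    '203.0.113.5 - - [19/Oct/2007:10:00:01 +0000] "GET /mail/lostpwd.php?lost_id=8f3a21 HTTP/1.1" 200 512',
    '203.0.113.9 - - [19/Oct/2007:10:00:07 +0000] "GET /mail/lostpwd.php?lost_id=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 540',
    '203.0.113.9 - - [19/Oct/2007:10:00:09 +0000] "GET /mail/lostpwd.php?lost_id=%2522%253E%253Cb%253E HTTP/1.1" 200 540',
    '203.0.113.7 - - [19/Oct/2007:10:00:12 +0000] "GET /mail/index.php?q=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for n, hit in scan(SAMPLE):
        print(f"line {n}: lost_id={hit!r}")
```

A hit means the parameter was probed, not that the markup was reflected; confirming exposure still requires checking the installed SocketMail version against 2.2.1.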