--Security Report-- Advisory: ICQmail.com & Mail2World.com (ms_inbox.asp Current_folder) XSS vulnerability --- Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI --- Date: 25/02/06 01:43 PM --- Contacts:{ ICQ: 10072 MSN/Email: nukedx@nukedx.com Web: http://www.nukedx.com } --- Vendor: M2W (http://www.mail2world.net) Version: Current version which runs on these web sites. About: Via this method remote attacker can make malicious links for clicking and when victim clicks this links victim's browser would be inject with XSS. Level: Harmless --- How&Example: Current_folder variable in ms_inbox.asp did not sanitized properly, Links in ms_inbox.asp with %3E[XSS] values can bypass script check function. GET -> http://www.icqmail.com/mail/ms_inbox.asp?Current_folder=%3E[XSS] EXAMPLE -> http://www.icqmail.com/mail/ms_inbox.asp?Current_folder=%3E So if we post links like these to our victim with a small mail our progress will be done. -- Timeline: * 25/02/2006: Vulnerability found. * 25/02/2006: Contacted with vendor and waiting reply. -- Original advisory: http://www.nukedx.com/?viewdoc=15 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/