New Xss Hackernetwork Mail Vulnerability

Hackernetwork Mail Xss[Search] Vulnerability

ENGLISH

#Title : Hackernetwork Mail Xss[Search] Vulnerability

#Author: ajann

Example;

http://hackernetwork.mail.everyone.net/email/scripts/contacts.pl?goToMenu=&EV1=11481394101759371&ab_to=&deleteFlag=&pageNumber=0&matchString=XSS(Url Encode)&matchField=firstName&sortOrder=asc&&addrBook=personal&search_matchField=firstName

TURKISH

#Title : Hackernetwork Mail Xss[Search] Vulnerability

#Author: ajann

Örnek;

http://hackernetwork.mail.everyone.net/email/scripts/contacts.pl?goToMenu=&EV1=11481394101759371&ab_to=&deleteFlag=&pageNumber=0&matchString=XSS KODUNUZ&matchField=firstName&sortOrder=asc&&addrBook=personal&search_matchField=firstName

Açıklama:

Adres defterinde bulunan filtreleme eksikliği nedeniyle ararken xss yedirilebilmektedir.
Bir loglama scripti yazarak şifre ve kullanıcı adını encodesiz ele geçirebilirsiniz.