uebimiau-xss.txt

2007-02-06T00:00:00
ID PACKETSTORM:54188
Type packetstorm
Reporter DoZ
Modified 2007-02-06T00:00:00

Description

                                        
                                            ` Uebimiau index.php Cross-Site Scripting Vulnerability  
  
  
  
Uebimiau is a universal webmail application developed in PHP. The issue is   
due to the application's failure to properly sanitize user-supplied   
input passed to index.php in the f_user parameter. Attackers may exploit   
this issue via a web client. An attacker may leverage this issue to have   
arbitrary script code execute in the browser of an unsuspecting user in   
the context of the affected site. This may help the attacker steal   
cookie-based authentication credentials and launch other attacks. A   
successful exploit could allow an attacker to compromise the application,   
access or modify data, or exploit vulnerabilities in the underlying   
database implementation.  
  
  
  
Hackers Center Security Group (http://www.hackerscenter.com)  
Credit: Doz  
  
  
Risk: Medium  
Class: Input Validation Error  
Remote: YES  
Local: NO  
  
  
Vendor: http://www.uebimiau.org/  
Version: 2.7.10  
  
  
  
  
  
  
XSS:  
  
  
www.site.com/imap/index.php?lid=en_UK&tid=default&f_user=XSS  
  
  
  
  
Demo:  
  
  
http://demo.uebimiau.org/imap/index.php?lid=en_UK  
  
  
  
  
`
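
One way to handle the `lid`, `tid` and `f_user` parameters from the URL above, as an added example that is not code from the advisory or from Uebimiau. It assumes index.php echoes `f_user` back into the login form's user field; the helper names `h`, `param` and `render_login` and the allowed patterns are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers (added example, not Uebimiau's code).

/** Encode a value for HTML text or a quoted attribute. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Return a query parameter only if it is a string matching $pattern, else $default. */
function param(array $query, string $name, string $pattern, string $default): string
{
    $value = $query[$name] ?? $default;
    // Arrays (f_user[]=x) and oversized values fall back to the default.
    if (!is_string($value) || strlen($value) > 128 || preg_match($pattern, $value) !== 1) {
        return $default;
    }
    return $value;
}

/** Render the login form from the request parameters. */
function render_login(array $query): string
{
    // lid/tid select a language and a theme: accept identifier-like tokens only.
    $lid = param($query, 'lid', '/\A[A-Za-z]{2}_[A-Za-z]{2}\z/', 'en_UK');
    $tid = param($query, 'tid', '/\A[A-Za-z0-9_-]{1,32}\z/', 'default');
    // f_user is a mailbox name: restrict the character set, then still encode on output.
    $user = param($query, 'f_user', '/\A[A-Za-z0-9._@+-]{1,128}\z/', '');

    return sprintf(
        '<form method="post" action="index.php?lid=%s&amp;tid=%s">' .
        '<input type="text" name="f_user" value="%s"></form>',
        h(rawurlencode($lid)), h(rawurlencode($tid)), h($user)
    );
}

// Constructed inputs: an ordinary login name, then a value carrying markup.
$samples = [
    ['lid' => 'en_UK', 'tid' => 'default', 'f_user' => 'alice@example.org'],
    ['lid' => 'en_UK', 'tid' => 'default', 'f_user' => '"><b>injected</b>'],
];
foreach ($samples as $q) {
    echo render_login($q), PHP_EOL;
}
```

The second sample fails the `f_user` pattern, so the field is rendered empty; `h()` stays in place so that any value admitted by a looser pattern is still written as inert text.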