Inout Webmail Cross Site Scripting

2010-12-20T00:00:00
ID PACKETSTORM:96810
Type packetstorm
Reporter Sid3 effects
Modified 2010-12-20T00:00:00

Description

                                        
                                            `#Name :inoutwebmail Persistent Xss Vulnerability  
#Date : Dec,20 2010  
#Vendor Url :http://www.inoutscripts.com/  
#Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>  
#Big hugs : Th3 RDX,Hanan_butt,  
#special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,SeeMe,MaYur,MA1201,KeDar,Sonic,gunslinger_,Sn!pEr.S!Te,n4pst3rr,tranquiller,Sug@R  
#greetz to :!Op3x_ninjato team,www.topsecure.net ,trent Dillman,All ICW members and my friends :) luv y0 guyz  
#######################################################################################################  
Description:  
Inout Webmail is a complete webmail solution for your website. Build your own personal secure mail service today  
  
###############################################################################################################  
Exploit:Persistent Xss Vulnerability  
  
The vulnerability exists due to failure in the script to properly sanitize user-supplied input.Successful exploitation of this vulnerability could result in a compromise of the application,disclosure or modification of sensitive data.  
  
  
>The Xss vulnerability exists in "contacts",emailfilter  
>Also the attacker can send malicious xss scripts to the users who are using this application  
  
Attack parameter: "><script>alert("xss")</script>  
  
>http://server/path/index.php?page=mail/mailbox  
>http://server/index.php?page=settings/emailfilter  
  
###############################################################################################################  
Fix:  
N/a  
###############################################################################################################  
# 0day no more  
# Sid3^effects  
# 1337day.com  
  
`