Reporting Vulnerable Public Web mail

2007-10-06T00:00:00
ID SECURITYVULNS:DOC:18131
Type securityvulns
Reporter Securityvulns
Modified 2007-10-06T00:00:00

Description

Reporting Vulnerable Public Software

Technical Details:

+===========================================================================+ + MailBee WebMail Pro <=3.4 (XSS) Multiple Remote Vulnerabilities + +===========================================================================+

Author(s): Ivan Sanchez & Maximiliano Soler

Product: MailBee WebMail Pro 3.4

Web: http://www.afterlogic.com/

Versions: 3.4 (or less)

Date: 05/10/2007


Not Vulnerable: 4.0 (or superior)

GOOGLE DORKS:

[+] intitle:"MailBee WebMail" [+] intext:"Powered by MailBee WebMail"

EXPLOIT:

For example...after the variable "mode2" or "mode"

http://www.[DOMAIN].tld/[PATH]/login.php?mode=[XSS]

http://www.[DOMAIN].tld/[PATH]/default.asp?mode=advanced_login&mode2=[XSS]

NULL CODE SERVICES [ www.nullcode.com.ar ] Hunting Security Bugs! +===========================================================================+ + MailBee WebMail Pro <=3.4 (XSS) Multiple Remote Vulnerabilities + +===========================================================================+

Ivan Javier Sanchez

Vulnerabitity Assessment

 Tel-Fax 011-4276-2399
  Cel-154879059

www.nullcode.com.ar


This message was sent using IMP, the Internet Messaging Program.