Inout Webmail Script Persistent XSS Vulnerability

2010-12-20T00:00:00
ID 1337DAY-ID-15213
Type zdt
Reporter Sid3^effects
Modified 2010-12-20T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            #Name :inoutwebmail Persistent Xss Vulnerability
#Date : Dec,20 2010
#Vendor Url :http://www.inoutscripts.com/
#Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
#Big hugs : Th3 RDX,Hanan_butt,
#special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,SeeMe,MaYur,MA1201,KeDar,Sonic,gunslinger_,Sn!pEr.S!Te,n4pst3rr,tranquiller,[email protected]
#greetz to :!Op3x_ninjato team,www.topsecure.net ,trent Dillman,All ICW members and my friends :) luv y0 guyz
#######################################################################################################
Description:
Inout Webmail is a complete webmail solution for your website. Build your own personal secure mail service today
 
###############################################################################################################
Exploit:Persistent Xss Vulnerability
 
The vulnerability exists due to failure in the script to properly sanitize user-supplied input.Successful exploitation of this vulnerability could result in a compromise of the application,disclosure or modification of sensitive data.
 
 
>The Xss vulnerability exists in "contacts",emailfilter
>Also the attacker can send malicious xss scripts to the users who are using this application
 
Attack parameter: "><script>alert("xss")</script>
 
>http://server/path/index.php?page=mail/mailbox
>http://server/index.php?page=settings/emailfilter
 
###############################################################################################################
Fix:
   N/a
###############################################################################################################
# 0day no more
# Sid3^effects
# 1337day.com



#  0day.today [2018-03-20]  #