Inout Webmail Script – Persistent Cross-Site Scripting

• Exploit Database
• 33 阅读

• 作者： Sid3^effects
  日期： 2010-12-20
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/15781/

• #Name :inoutwebmail Persistent Xss Vulnerability
  #Date : Dec,20 2010
  #Vendor Url :http://www.inoutscripts.com/
  #Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
  #Big hugs : Th3 RDX,Hanan_butt,
  #special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,SeeMe,MaYur,MA1201,KeDar,Sonic,gunslinger_,Sn!pEr.S!Te,n4pst3rr,tranquiller,Sug@R
  #greetz to :!Op3x_ninjato team,www.topsecure.net ,trent Dillman,All ICW members and my friends :) luv y0 guyz
  #######################################################################################################
  Description:
  Inout Webmail is a complete webmail solution for your website. Build your own personal secure mail service today
  
  ###############################################################################################################
  Exploit:Persistent Xss Vulnerability
  
  The vulnerability exists due to failure in the script to properly sanitize user-supplied input.Successful exploitation of this vulnerability could result in a compromise of the application,disclosure or modification of sensitive data.
  
  
  >The Xss vulnerability exists in "contacts",emailfilter
  >Also the attacker can send malicious xss scripts to the users who are using this application
  
  Attack parameter: "><script>alert("xss")</script>
  
  >http://server/path/index.php?page=mail/mailbox
  >http://server/index.php?page=settings/emailfilter
  
  ###############################################################################################################
  Fix:
   N/a
  ###############################################################################################################
  # 0day no more
  # Sid3^effects
  # 1337day.com