Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

SquirrelMail Cross Scripting Attacks....
From: Alvin Alex <alvin_gboy () hotmail com>
Date: 29 Apr 2004 21:09:06 -0000


SquirrelMail latest version (although is tested on version 1.4.2) is prone to many cross scripting attacks that can be 
used to steal user cookies.The Exploit lies in the way squirrel mail represents the folder names and shows them.To make 
the matters worse.No extra unique variable added to the url for each user therefore it is easy for the attacker to just 
pass the url in mail and steal the session cookie.

Some of the exploit are at :

http://victim.com/mail/src/compose.php?mailbox=INBOX

which can be replaced as follows

http://victim.com/mail/src/compose.php?mailbox=";>&lt;script&gt;malacious script&lt;/script&gt;

Example:

http://victim.com/mail/src/compose.php?mailbox=";>&lt;script&gt;window.alert(document.cookie)&lt;/script&gt;

-------------------------------------------------------------------------

Squirrel Mail Coders have been informed of this vulnerability but the vulnerability still exists in their latest 
version.

-------------------------------------------------------------------------

Please Let me know if i am wrong anywhere...

Regards,
Alvin

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]