Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

I have discovered small xss error in open webmail 2.41
From: s3cure () poczta fm
Date: 3 Sep 2005 16:07:03 -0000
Discovered by s3cure

Risk: small

When we are logged on account we see:

http://site.site/cgi-bin/openwebmail/openwebmail-main.pl?sessionid=yourlogin*-session-0.274744641575129&action=listmessages_afterlogin

Now we can do small xss:

http://site.site/cgi-bin/openwebmail/openwebmail-main.pl?sessionid=yourlogin*-session-here 
xss&action=listmessages_afterlogin

Ofcourse we can do a lots of other things but ... It's now your job.

  By Date           By Thread  

Current thread:
  • I have discovered small xss error in open webmail 2.41 s3cure (Sep 06)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]