Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Advisory: XSS attack on Superonline.com email service.
From: nukedx () nukedx com
Date: Mon, 02 Jan 2006 23:45:26 -0600

--Security Report--
Advisory: XSS attack on Superonline.com email service.
---
Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI
---
Date: 01/01/06 04:18 AM
---
Contacts:{
ICQ: 10072
MSN/Email: nukedx () nukedx com
Web: http://www.nukedx.com
}
---
About: Via this method,the Superonline Mails are being subjected to an attack
namely XSS attack a.k.a "Cross Site Scripting" .The attacker ,with the help of
the mail user clicking on the mail received, is able to inject a code with the
mail. The only thing necessary is to click on the mail,no need to open and read
it.As known,some E-mail providers use some scripts in web interfaces and some
bugs on "print or output scripts" grants us the chance to see what we can do
about them.

---
How: The name as following written as From: Name <sender () attacker com> and being
send to the server and the victim receives it as From: [XSS-text]
<sender () attacker com> and kaboom! , the mail user(namely our victim) is being
injected via XSS code . If we set our name with 28 chars and then add our XSS
code , victim reads this mail's sender as our name without XSS code injection
and gets infected.I used my name as "Mustafa Can<script></script>" ( not with
quotation marks ) and converted it to 28 chars and injected it with XSS code.
The mail user may be infected with a 28-char XSS code while viewing inbox
too.The XSS code personally used was:
Can<script></script><script>alert(document.cookie);</script><script>alert('You
have just been infected with XSS
code');</script><script>location.href('http://www.nukedx.com/pwned.htm&apos;);</script>
---
Bonus: This bug is currently available on some OTHER mail providers too.(Don't
get excited,not on so-called Famous and Safe ones such as 
Hotmail,Gmail,ICQmail,MyNet ) but some other ones such as Superonline and the
ones which are awaiting you to harass on them.
For further information,please contact me from the contact I have left above,I
am not able to provide more information via mails,indisputably.
Pictures of XSS
Inbox: http://www.nukedx.com/gelenmail.png
IN Mail: http://www.nukedx.com/superxss.png
Regards,
From the NWPX team,
nuker a.k.a nukedx

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]