Full Disclosure: Permanent XSS on the nuit du hack webmail service

Nmap Security Scanner
- Intro
- Ref Guide
- Install Guide
- Download
- Changelog
- Book
- Docs
Security Lists
- Nmap Hackers
- Nmap Dev
- Bugtraq
- Full Disclosure
- Pen Test
- Basics
- More
Security Tools
Site News
Advertising
About/Contact
Sponsors:

Permanent XSS on the nuit du hack webmail service

From: klondike <klondike () xiscosoft es>
Date: Sat, 24 Mar 2012 05:27:20 +0100

So I was bored with the nuit du hack prequals and decided to test a bit
the e-mail service.

The guys have a cool XSS injection on the fake webmail service which can
be exploited with a properly crafted subject (i.e.
<script>alert('Hello!');</script> ). I thought the guys behind nuit du
hack were a bit more serious than this...

klondike

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

Permanent XSS on the nuit du hack webmail service klondike (Mar 24)
- Re: Oracle based personal data dumping attack on the nuit du hack CTF klondike (Mar 24)
  - Re: Oracle based personal data dumping attack on the nuit du hack CTF Damien Cauquil (Mar 26)
    - Re: Oracle based personal data dumping attack on the nuit du hack CTF majinboo (Mar 26)
    - Re: Oracle based personal data dumping attack on the nuit du hack CTF klondike (Mar 27)