<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

WebApp Sec: Webmail Service vulnerabilities

Webmail Service vulnerabilities

From: Dimitri Borjac <dimooo_at_gmail.com>
Date: Tue, 4 Jan 2005 14:26:48 +0100

Hi folks!

I'm trying to list the different vulnerabilities a classical Webmail
service could present.

I didn't find any specific documentation regarding this particular
type of service, but some flaws common to multiple webapps could
theoretically affect it.

Among them I have listed so far : XSS and XST (script and form
injection), CSRF, session hijacking (based on cookies, session ids,
...), any kind of parameter manipulation.

Has any of you already performed an audit of such a service ? Or based
on your experience over webapps security, do you see any other vuln
this service could present?

Thanks a lot for your suggestions or recommandations !

-dimo
Received on Jan 04 2005

This message: [ Message body ]
Next message: Robert Pławiak: "Re: Information about Software quality in Web Apps"
Previous message: Jaime Alvaro: "Information about Software quality in Web Apps"
Next in thread: Moritz Naumann: "Re: Webmail Service vulnerabilities"
Reply: Moritz Naumann: "Re: Webmail Service vulnerabilities"
Reply: Tim Brown: "Re: Webmail Service vulnerabilities"
Maybe reply: Scovetta, Michael V: "RE: Webmail Service vulnerabilities"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]