|
WebApp Sec
mailing list archives
Webmail Service vulnerabilities
From: Dimitri Borjac <dimooo () gmail com>
Date: Tue, 4 Jan 2005 14:26:48 +0100
Hi folks!
I'm trying to list the different vulnerabilities a classical Webmail
service could present.
I didn't find any specific documentation regarding this particular
type of service, but some flaws common to multiple webapps could
theoretically affect it.
Among them I have listed so far : XSS and XST (script and form
injection), CSRF, session hijacking (based on cookies, session ids,
...), any kind of parameter manipulation.
Has any of you already performed an audit of such a service ? Or based
on your experience over webapps security, do you see any other vuln
this service could present?
Thanks a lot for your suggestions or recommandations !
-dimo
 By Date 
By Thread
Current thread:
- Webmail Service vulnerabilities Dimitri Borjac (Jan 04)
|
Intro
