Reporting Vulnerable Public Web mail
Reporting Vulnerable Public Software
Technical Details:
+===========================================================================+
+ MailBee WebMail Pro <=3.4 (XSS) Multiple Remote Vulnerabilities +
+===========================================================================+
Author(s): Ivan Sanchez & Maximiliano Soler
Product: MailBee WebMail Pro 3.4
Web: http://www.afterlogic.com/
Versions: 3.4 (or earlier)
Date: 05/10/2007
---------------------------------
Not Vulnerable: 4.0 (or later)
GOOGLE DORKS:
------------
[+] intitle:"MailBee WebMail"
[+] intext:"Powered by MailBee WebMail"
EXPLOIT:
--------
For example, the input is placed after the "mode" or "mode2" parameter:
http://www.[DOMAIN].tld/[PATH]/login.php?mode=[XSS]
http://www.[DOMAIN].tld/[PATH]/default.asp?mode=advanced_login&mode2=[XSS]
NULL CODE SERVICES [ www.nullcode.com.ar ] Hunting Security Bugs!
Ivan Javier Sanchez
Vulnerability Assessment
Tel-Fax 011-4276-2399
Cel-154879059
www.nullcode.com.ar
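
A defender-side check for the two parameters named in the advisory, added here as an example and not part of the original report or of MailBee's code: it scans web access log lines for "mode" / "mode2" values on login.php and default.asp that fall outside an allow-list. The allow-list pattern, the log format (common/combined) and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Endpoints and parameters named in the advisory.
ENDPOINTS = ("login.php", "default.asp")
PARAMS = {"mode", "mode2"}
# Assumption: legitimate values are short identifiers like "advanced_login".
SAFE_VALUE = re.compile(r"[A-Za-z0-9_]{0,32}")
# Request field of a common/combined log format line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(log_line):
    """Return [(param, decoded_value)] for mode/mode2 values outside the allow-list."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith(ENDPOINTS):
        return []
    hits = []
    # parse_qsl percent-decodes once; a double-encoded value still contains
    # '%' after decoding and therefore also fails the allow-list.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name.lower() in PARAMS and not SAFE_VALUE.fullmatch(value):
            hits.append((name, value))
    return hits

def scan(lines):
    """Return [(line_number, hits)] for every log line with at least one hit."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        hits = suspicious_params(line)
        if hits:
            findings.append((lineno, hits))
    return findings

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [05/Oct/2007:10:00:01 +0000] "GET /webmail/default.asp?mode=advanced_login HTTP/1.1" 200 5120',
    '203.0.113.9 - - [05/Oct/2007:10:00:07 +0000] "GET /webmail/login.php?mode=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 4811',
    '203.0.113.9 - - [05/Oct/2007:10:00:09 +0000] "GET /webmail/default.asp?mode=advanced_login&mode2=%22%3E%3Cimg%20src%3Dx%3E HTTP/1.1" 200 5302',
    '198.51.100.2 - - [05/Oct/2007:10:01:00 +0000] "GET /index.html?mode=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for lineno, hits in scan(SAMPLE_LOG):
        print(f"line {lineno}: {hits}")
```

Hits only indicate requests worth reviewing; the fix stated in the advisory is running version 4.0 or later.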