webstar-xssrfi.txt
Posted on 22 January 2008
Hi PacketStormSecurity! I'm reporting a vulnerability of type XSS and RFI in WebSTAR Mail. Thank you for all. +==========================================================================+ + WebSTAR Mail <= 4.4.1 XSS & RFI Multiple Remote Vulnerabilities + +==========================================================================+ Author(s): Ivan Sanchez & Maximiliano Soler Product: Kerio. Web: http://www.kerio.com/webstar_home.html Versions: 4.4.1 (or less). Date: 21/01/2008 GOOGLE DORKS: ------------ [+] intitle:"WebSTAR Mail - Please Log In" inurl:".mail" EXPLOIT: -------- For example...after the variable "@" http://www.[DOMAIN].tld/.mail?[ERROR-Code]@[XSS or RFI] NULL CODE SERVICES [ www.nullcode.com.ar ] Hunting Security Bugs! +==========================================================================+ + WebSTAR Mail <= 4.4.1 XSS & RFI Multiple Remote Vulnerabilities + +==========================================================================+ -- Maximiliano Soler. Reports & Review Code. Null Code Services. www.nullcode.com.ar ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.
