MailBeeWebMailPro.txt
Posted on 06 October 2007
+===========================================================================+
+ MailBee WebMail Pro <=3.4 (XSS) Multiple Remote Vulnerabilities +
+===========================================================================+

Author(s): Ivan Sanchez & Maximiliano Soler

Product: MailBee WebMail Pro 3.4
Web: http://www.afterlogic.com/
Versions: 3.4 (or less)

Date: 05/10/2007

---------------------------------

Not Vulnerable: 4.0 (or superior)

GOOGLE DORKS:
------------

[+] intitle:"MailBee WebMail"
[+] intext:"Powered by MailBee WebMail"

EXPLOIT:
--------

For example...after the variable "mode2" or "mode"

http://www.[DOMAIN].tld/[PATH]/login.php?mode=[XSS]
http://www.[DOMAIN].tld/[PATH]/default.asp?mode=advanced_login&mode2=[XSS]

NULL CODE SERVICES [ www.nullcode.com.ar ] Hunting Security Bugs!
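
For sites still running 3.4 or earlier, web server access logs can be checked for requests that put unexpected content in the "mode" or "mode2" parameters of login.php and default.asp. The script below is an added example, not part of the original advisory or of MailBee: the allowlist pattern (identifier-like values, as in the advisory's own "mode=advanced_login"), the /webmail/ path, inbox.php and all log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: legitimate values are short identifier-like tokens, as in the
# advisory's "mode=advanced_login". Anything else is reported for review.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_-]{0,64}")
WATCHED_PARAMS = {"mode", "mode2"}             # parameters named in the advisory
WATCHED_PAGES = ("login.php", "default.asp")   # pages named in the advisory
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+"')

def suspicious_params(log_line):
    """Return [(param, decoded_value)] for watched params failing the allowlist."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith(WATCHED_PAGES):
        return []
    hits = []
    # parse_qsl percent-decodes once; a double-encoded value still contains
    # '%' after that and therefore fails the allowlist as well.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name.lower() in WATCHED_PARAMS and not SAFE_VALUE.fullmatch(value):
            hits.append((name.lower(), value))
    return hits

def scan(lines):
    """Return [(line_index, hits)] for every line with at least one hit."""
    return [(i, h) for i, h in ((i, suspicious_params(l))
                                for i, l in enumerate(lines)) if h]

# Constructed sample in Apache combined-log style (addresses from 192.0.2.0/24).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Oct/2007:10:00:00 +0000] "GET /webmail/default.asp?mode=advanced_login HTTP/1.1" 200 5120',
    '192.0.2.44 - - [05/Oct/2007:10:02:11 +0000] "GET /webmail/login.php?mode=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 4811',
    '192.0.2.44 - - [05/Oct/2007:10:02:40 +0000] "GET /webmail/default.asp?mode=advanced_login&mode2=%2522%253E HTTP/1.1" 200 5230',
    '192.0.2.10 - - [05/Oct/2007:10:03:02 +0000] "GET /webmail/inbox.php?mode=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for index, hits in scan(SAMPLE_LOG):
        for param, value in hits:
            print(f"line {index}: {param}={value!r}")
```

A hit only means the value falls outside the assumed allowlist. The fix stated in the advisory is upgrading to 4.0 or later.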