Bugtraqmailing list archives
I have discovered small xss error in open webmail 2.41
From: s3cure () poczta fm
Date: 3 Sep 2005 16:07:03 -0000
Discovered by s3cureRisk: smallWhen we are logged on account we see:http://site.site/cgi-bin/openwebmail/openwebmail-main.pl?sessionid=yourlogin*-session-0.274744641575129&action=listmessages_afterloginNow we can do small xss:http://site.site/cgi-bin/openwebmail/openwebmail-main.pl?sessionid=yourlogin*-session-here xss&action=listmessages_afterloginOfcourse we can do a lots of other things but ... It's now your job.
Current thread:
- I have discovered small xss error in open webmail 2.41s3cure (Sep 06)