inoutwebmail Persistent Xss Vulnerability

vendor:

Inout Webmail

by:

Sid3^effects aKa HaRi

7,5

CVSS

HIGH

XSS

CWE

Product Name: Inout Webmail

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

inoutwebmail Persistent Xss Vulnerability

The vulnerability exists due to failure in the script to properly sanitize user-supplied input.Successful exploitation of this vulnerability could result in a compromise of the application,disclosure or modification of sensitive data. The Xss vulnerability exists in 'contacts',emailfilter. Also the attacker can send malicious xss scripts to the users who are using this application. Attack parameter: '><script>alert('xss')</script>'

Mitigation:

N/A

Source

Exploit-DB raw data:

#Name :inoutwebmail Persistent Xss Vulnerability
#Date : Dec,20 2010
#Vendor Url :http://www.inoutscripts.com/
#Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
#Big hugs : Th3 RDX,Hanan_butt,
#special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,SeeMe,MaYur,MA1201,KeDar,Sonic,gunslinger_,Sn!pEr.S!Te,n4pst3rr,tranquiller,Sug@R
#greetz to :!Op3x_ninjato team,www.topsecure.net ,trent Dillman,All ICW members and my friends :) luv y0 guyz
#######################################################################################################
Description:
Inout Webmail is a complete webmail solution for your website. Build your own personal secure mail service today

###############################################################################################################
Exploit:Persistent Xss Vulnerability

The vulnerability exists due to failure in the script to properly sanitize user-supplied input.Successful exploitation of this vulnerability could result in a compromise of the application,disclosure or modification of sensitive data.


>The Xss vulnerability exists in "contacts",emailfilter
>Also the attacker can send malicious xss scripts to the users who are using this application

Attack parameter: "><script>alert("xss")</script>

>http://server/path/index.php?page=mail/mailbox
>http://server/index.php?page=settings/emailfilter

###############################################################################################################
Fix:
   N/a
###############################################################################################################
# 0day no more
# Sid3^effects
# 1337day.com