Hackernetwork Mail Xss[Search] Vulnerability
New Xss Hackernetwork Mail Vulnerability
Hackernetwork Mail Xss[Search] Vulnerability
ENGLISH
#Title : Hackernetwork Mail Xss[Search] Vulnerability
#Author: ajann
Example;
http://hackernetwork.mail.everyone.net/email/scripts/contacts.pl?goToMenu=&EV1=11481394101759371&ab_to=&deleteFlag=&pageNumber=0&matchString=XSS(Url
Encode)&matchField=firstName&sortOrder=asc&&addrBook=personal&search_matchField=firstName
TURKISH
#Title : Hackernetwork Mail Xss[Search] Vulnerability
#Author: ajann
Örnek;
http://hackernetwork.mail.everyone.net/email/scripts/contacts.pl?goToMenu=&EV1=11481394101759371&ab_to=&deleteFlag=&pageNumber=0&matchString=XSS
KODUNUZ&matchField=firstName&sortOrder=asc&&addrBook=personal&search_matchField=firstName
Açıklama:
Adres defterinde bulunan filtreleme eksikliği nedeniyle ararken xss
yedirilebilmektedir.
Bir loglama scripti yazarak şifre ve kullanıcı adını
encodesiz ele geçirebilirsiniz.