Hackernetwork Mail Xss[Search] Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Hackernetwork Mail Xss[Search] Vulnerability
From: ajannhwt@xxxxxxxxxxx
Date: 23 May 2006 07:03:13 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

New Xss Hackernetwork Mail Vulnerability

Hackernetwork Mail Xss[Search] Vulnerability

ENGLISH

#Title : Hackernetwork Mail Xss[Search] Vulnerability

#Author: ajann

Example;

http://hackernetwork.mail.everyone.net/email/scripts/contacts.pl?goToMenu=&EV1=11481394101759371&ab_to=&deleteFlag=&pageNumber=0&matchString=XSS(Url
 
Encode)&matchField=firstName&sortOrder=asc&&addrBook=personal&search_matchField=firstName

TURKISH

#Title : Hackernetwork Mail Xss[Search] Vulnerability

#Author: ajann

Örnek;

http://hackernetwork.mail.everyone.net/email/scripts/contacts.pl?goToMenu=&EV1=11481394101759371&ab_to=&deleteFlag=&pageNumber=0&matchString=XSS
 
KODUNUZ&matchField=firstName&sortOrder=asc&&addrBook=personal&search_matchField=firstName

Aç&#305;klama:

Adres defterinde bulunan filtreleme eksikli&#287;i nedeniyle ararken xss 
yedirilebilmektedir.
Bir loglama scripti yazarak &#351;ifre ve kullan&#305;c&#305; ad&#305;n&#305; 
encodesiz ele geçirebilirsiniz.

Prev by Date: iFlance v1.1
Next by Date: PostgreSQL security releases 8.1.4, 8.0.8, 7.4.13, 7.3.15
Previous by thread: iFlance v1.1
Next by thread: PostgreSQL security releases 8.1.4, 8.0.8, 7.4.13, 7.3.15
Index(es):
- Date
- Thread