Tempinbox.com

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Tempinbox.com
From: luny@xxxxxxxxxxxxxxx
Date: 10 Jun 2006 07:54:36 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Tempinbox.com

Homepage:
http://www.tempinbox.com

Effected files:
checkmail.pl

Description:

Tempinbox.com is a free throw away, no sending email service. You enter an 
account name and you can instantly check email.

XSS Vulnerability:

It seems the title of emails and subjects are not sanatized, so if a user was 
to put <IMG SRC=javascript:alert('XSS')> as a title or subject of aemail, and 
then someone went to view it, an XSS attack could occur.

Prev by Date: fx-APP Version 0.0.8.1
Next by Date: AsianXO.com - XSS with cookie data include
Previous by thread: Re: fx-APP Version 0.0.8.1
Next by thread: AsianXO.com - XSS with cookie data include
Index(es):
- Date
- Thread