Re: Sun java System Messenger Express XSS
Interesting but yet I don't any possiblity of an attack.
URL like
http://host/?user=xdfa&error=%3Cscript%3Ealert('hakin9')%3C/script%3E
is generated when user login failed and JES webmail server issued an HTTP
redirect
The webmail server itself will not issue URL like that unless the proxy server
which the browser connects to get hacked. But if a proxy server gets hacked,
that is the end of game. Your BofA account, stock accounts are all
compromised, which has nothing to do with JES messaging server itself.
Secondly, one can look closer to what harm that URL can do. Nothing. That URL
points to a LOGIN page where users have NOT logged in. With no
credential/cookie/session, a static login page cannot lead to any attack.