Re: Sun java System Messenger Express XSS

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Sun java System Messenger Express XSS
From: b2wang@xxxxxxxxx
Date: 4 Jan 2007 19:59:01 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Interesting but yet I don't any possiblity of an attack.

URL like

http://host/?user=xdfa&error=%3Cscript%3Ealert('hakin9')%3C/script%3E

is generated when user login failed and JES webmail server issued an HTTP 
redirect

The webmail server itself will not issue URL like that unless the proxy server 
which the browser connects to get hacked.  But if a proxy server gets hacked, 
that is the end of game.  Your BofA account, stock accounts are all 
compromised, which has nothing to do with JES messaging server itself.

Secondly, one can look closer to what harm that URL can do.  Nothing.  That URL 
points to a LOGIN page where users have NOT logged in.  With no 
credential/cookie/session, a static login page cannot lead to any attack.

Prev by Date: Vendor guidelines regarding security contacts
Next by Date: createauction (cats.asp) Remote SQL Injection Vulnerability
Previous by thread: Sun java System Messenger Express XSS
Next by thread: New Flaw in Firefox 2.0: DoS and possible remote code execution
Index(es):
- Date
- Thread