Cross-Site Scripting Vuln...

From: InterWN Labs (interwnat_private)
Date: Thu Jan 24 2002 - 05:01:03 PST


    
    Hello All.
    
    This is ANOTHER CSS vuln that has been found 
    in web-based e-mail sites.  It's not some high 
    profile site but it's vulnerable nonetheless.
    
    I have an email address at www.iraqmail.com and 
    it is possible to embed any amount of code into 
    the body of the page.
    
    There are 2 things you need to do first.  The first 
    thing you must do is register an account at 
    www.iraqmail.com.  Secondly, you must send an 
    email to anyone.  In the body of the page after the 
    mail has been sent it should say:
    
    Your message has been submitted
    
    If you look in the address space there should be 
    a url along the lines of:
    
    http://www.iraqmail.com/Account/Mailbox/INBOX.html?Info=Your+message+has+been+submitted&SID=131832-Pv5fIj5GobKp6ipfPks6&
    
    You simply 
    replace "Your+message+has+been+submitted" 
    with any code and it will appear in the source of 
    the page.
    
    http://www.iraqmail.com/Account/Mailbox/INBOX.html?Info=<script>alert('InterWN Labs')</script>&SID=131832-Pv5fIj5GobKp6ipfPks6&
    
    That will pop up an alert box with the name of our 
    security group.  I'm sure someone could find some 
    far more clever ways to exploit this.
    
    That's it. Thanx.
    
    --philer
    www.interwn.nl
    www.ugcia.net
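
Added example, not part of the original post and not the site's code: a sketch of the reflected `Info` banner described above, shown unencoded, then HTML-escaped, then replaced by a server-side allow-list. The host `webmail.example`, the `Status` parameter, the `KNOWN_STATUS` table and the function names are assumptions made for illustration.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Constructed request URLs modelled on the two in the post (placeholder host and SID).
BASE = "http://webmail.example/Account/Mailbox/INBOX.html?"
BENIGN = BASE + "Info=Your+message+has+been+submitted&SID=PLACEHOLDER&"
INJECTED = BASE + "Info=<script>alert('InterWN Labs')</script>&SID=PLACEHOLDER&"
STATUS_ONLY = BASE + "Status=sent&SID=PLACEHOLDER&"

# Hypothetical allow-list: banner wording lives on the server, keyed by a short code.
KNOWN_STATUS = {"sent": "Your message has been submitted"}


def query_value(url, name):
    """Return the first decoded value of a query parameter, or '' if absent."""
    return parse_qs(urlsplit(url).query).get(name, [""])[0]


def render_reflected(url):
    """The behaviour the post reports: Info is copied into the page as-is."""
    return '<div class="info">' + query_value(url, "Info") + "</div>"


def render_escaped(url):
    """Output-encode for an HTML text context: markup characters become entities."""
    return '<div class="info">' + html.escape(query_value(url, "Info")) + "</div>"


def render_allowlisted(url):
    """Never echo request text: unknown or missing codes give an empty banner."""
    text = KNOWN_STATUS.get(query_value(url, "Status"), "")
    return '<div class="info">' + html.escape(text) + "</div>"


if __name__ == "__main__":
    for render in (render_reflected, render_escaped, render_allowlisted):
        for url in (BENIGN, INJECTED, STATUS_ONLY):
            print(f"{render.__name__:20} {render(url)}")
```

Escaping keeps the existing URL format working; the allow-list removes the reflection entirely, so nothing a request supplies reaches the markup.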
    


