intitle:”EMUMAIL – Login” “Powered by EMU Webmail”

Posted by cyberdevil on September 5, 2007

The failure to strip script tags in emumail.cgi allows for XSS type of attack. Vulnerable systems: * EMU Webmail version 5.0 * EMU Webmail version 5.1.0 Depending on what functions you throw in there, you get certain contents of the emumail.cgi file. The vulnerability was discovered in an obsolete script named userstat.pl shipped with Open Webmail. The script doesn’t properly filter out shell characters from the loginname parameter. http://www.securityfocus.com/bid/9861

This entry was posted on September 5, 2007 at 10:00 am and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

You must be logged in to post a comment.

« “Powered by FUDforum”

intitle:”Apache HTTP Server” intitle:”documentation” »

	Heru on About
	dikdeo on inurl:*.exe ext:exe inurl…
	Sky Blog: phanleson… on “powered by ubbthre…
	gacleck on “Powered by Duclassified…
	Recent Links Tagged … on phpLDAPadmin intitle:phpLDAPad…

Google Hacking

GOOGLE HACKING TRICKS, LEARN SECRETS OF HACKING

a

Blogroll

Top Clicks

Top Posts

Recent Posts

Recent Comments

Subscribe

Meta

intitle:”EMUMAIL – Login” “Powered by EMU Webmail”

Leave a Reply