SQWebMail is vulnerable to Cross-site scripting / HTTP Response Splitting.
b1598238af35468ae7390ddb40c1325dab2802e792487ba37010e46dfab6bc58Hackers Center Security Group (http://www.hackerscenter.com/)
Zinho's Security Advisory
Desc: Http Splitting leads to email account stealing
Product: SQWebmail
Risk: High
A dangerous http splitting attack can be taken against mailboxes that
use Sqwebmail as web mail interface. Anyone can send a malformed
link in the email body and stealing session cookie and passwords.
Proof of concept:
///
sqwebmail?redirect=%0d%0a%0d%0a[INJECT SCRIPT]
///
Vendor should patch this issue soon as anyone can attack a user
directly.
Author:
Zinho is webmaster and founder of http://www.hackerscenter.com ,
Security research portal
Secure Web Hosting Companies Reviewed:
http://www.securityforge.com/web-hosting/secure-web-hosting.asp
zinho-no-spam @ hackerscenter.com
====>
Webmaster of
.:[ Hackers Center : Internet Security Portal]:.
http://www.hackerscenter.com
http://www.securityforge.com/web-hosting
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed