MailBee WebMail Pro versions 3.4 and below suffer from multiple cross site scripting vulnerabilities.
8528c171be555127dcec55a5c69531d596d97e13c0855c8f559060209ec22542+===========================================================================+
+ MailBee WebMail Pro <=3.4 (XSS) Multiple Remote Vulnerabilities +
+===========================================================================+
Author(s): Ivan Sanchez & Maximiliano Soler
Product: MailBee WebMail Pro 3.4
Web: http://www.afterlogic.com/
Versions: 3.4 (or less)
Date: 05/10/2007
---------------------------------
Not Vulnerable: 4.0 (or superior)
GOOGLE DORKS:
------------
[+] intitle:"MailBee WebMail"
[+] intext:"Powered by MailBee WebMail"
EXPLOIT:
--------
For example...after the variable "mode2" or "mode"
http://www.[DOMAIN].tld/[PATH]/login.php?mode=[XSS]
http://www.[DOMAIN].tld/[PATH]/default.asp?mode=advanced_login&mode2=[XSS]
NULL CODE SERVICES [ www.nullcode.com.ar ] Hunting Security Bugs!
+===========================================================================+
+ MailBee WebMail Pro <=3.4 (XSS) Multiple Remote Vulnerabilities +
+===========================================================================+
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed