Hackers Center Security Group (http://www.hackerscenter.com/) Zinho's Security Advisory Desc: Http Splitting leads to email account stealing Product: SQWebmail Risk: High A dangerous http splitting attack can be taken against mailboxes that use Sqwebmail as web mail interface. Anyone can send a malformed link in the email body and stealing session cookie and passwords. Proof of concept: /// sqwebmail?redirect=%0d%0a%0d%0a[INJECT SCRIPT] /// Vendor should patch this issue soon as anyone can attack a user directly. Author: Zinho is webmaster and founder of http://www.hackerscenter.com , Security research portal Secure Web Hosting Companies Reviewed: http://www.securityforge.com/web-hosting/secure-web-hosting.asp zinho-no-spam @ hackerscenter.com
