Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: Apps :: b06-3261.htm

MyMail Directory Traversal And XSS Attacking Vulnerability



MyMail Directory Traversal And XSS Attacking Vulnerability
MyMail Directory Traversal And XSS Attacking Vulnerability



# Kurdish Security Advisory=0D
# irc.gigachat.net #kurdhack=0D
# Discovered by Botan =0D
# http://scripts.codingclick.com/MyMail/=0D 
=0D
http://kurdishsecurity.blogspot.com/2006/06/kurdish-security-9-mymail-directory.html=0D 
=0D
CodingClick.com MyMail Script is useing for scripts.The passing can do between directory. Examine..=0D
=0D
Now only first Directory Traversal vuln=0D
=0D
Vulnerable Version = 0.x=0D
=0D
http://www.site.com/[MyMail_path]/admin/=0D 
http://www.site.com/[MyMail_path]/admin/list.php?action=add=0D 
http://www.site.com/[MyMail_path]/admin/email.php?action=add or /delete=0D 
http://www.site.com/[MyMail_path]/admin/export.php=0D 
http://www.site.com/[MyMail_path]/admin/archive.php?Action=add or /delete=0D 
=0D
=0D
Now XSS attacking looking=0D
=0D
Vulnerable Version = 1.0 Beta=0D
=0D
http://www.site.com/[MyMail_path]/admin/login.php=error=[XSS] 


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH