Security Lab

Vulnerability Under PostMaster Ver 3.16.1

Publication date: 15.11.2003
Total views: 947
Severity:
Fix available:
Number of vulnerabilities: 1
CVE ID: No data
Exploitation vector:
Impact:
CWE ID: No data
Exploit available: No data
Vulnerable products:
Description:
14/11/03


====================================
GSSIT - Global Security Solution IT
====================================        

-------------------------------------------------------

Application: PostMaster
Web Site:    http://www.woppoware.com.au/
Versions:    3.16.1
Platform:    Windows
Bug :        C.S.S
            
                          
Credits:
########

#########################################
#         ==  Ziv Kamir ==              #
#                                       #
# GSSIT - Global Security Solution IT   #                  
#                                       #
#     Email : gss_it@yahoo.com          #
#                                       #
#                                       #
#########################################

---------------------

1) Introduction
2) Bug
3) The Code
4) Fix


================
1) Introduction
================

PostMaster is a combined Mail & Proxy Server,
ideally suited to small business or home users.

=======
2) Bug
=======

PostMaster Proxy Server suffers from C.S.S (Cross Site Scripting).


===========
3) The Code
===========


http://localhost:8000/<script>alert('CSS')</script>


======
4) Fix
======

Date of Vendor Notification:

13/11/03

Status:
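
Added example, not part of the advisory and not PostMaster's code: the advisory lists no fix, so this sketch shows the usual remedy for a request path reflected into a response, HTML-escaping at the point of output. It assumes the proxy echoes the requested path into an error page; the template and function names are hypothetical, and the percent-encoded path is a constructed variant of the advisory's URL.

```python
# Added example: a constructed error-page handler, not PostMaster's code.
import html
from urllib.parse import unquote

# Request path from the advisory's proof of concept, raw and percent-encoded.
POC_PATH = "/<script>alert('CSS')</script>"
POC_PATH_ENCODED = "/%3Cscript%3Ealert('CSS')%3C/script%3E"  # constructed variant

# Hypothetical error page that reports the URL the proxy could not fetch.
TEMPLATE = "<html><body><h1>Error</h1><p>Cannot retrieve {url}</p></body></html>"


def render_error_vulnerable(raw_path: str) -> str:
    """Weak form: the decoded path is pasted into the HTML unchanged."""
    return TEMPLATE.format(url=unquote(raw_path))


def render_error_naive_filter(raw_path: str) -> str:
    """Still weak: checks the raw path, then decodes it, so an encoded tag survives."""
    if "<" in raw_path or ">" in raw_path:
        raw_path = "/"
    return TEMPLATE.format(url=unquote(raw_path))


def render_error_escaped(raw_path: str) -> str:
    """Corrected form: decode first, then HTML-escape where the value is written out."""
    return TEMPLATE.format(url=html.escape(unquote(raw_path), quote=True))


def reflects_markup(page: str) -> bool:
    """Regression check: does the response body contain a live script tag?"""
    return "<script>" in page.lower()


if __name__ == "__main__":
    renderers = [("vulnerable", render_error_vulnerable),
                 ("naive filter", render_error_naive_filter),
                 ("escaped", render_error_escaped)]
    for name, render in renderers:
        for path in (POC_PATH, POC_PATH_ENCODED):
            live = reflects_markup(render(path))
            print(f"{name:13} {path!r:45} live script: {live}")
```

The same `reflects_markup` check can serve as a regression test against any page that echoes request data.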