[Hackers Center Security Group] Sqwebmail Http Splitting Vulnerability

From: Zinho (zinho_at_hackerscenter.com)
Date: 04/25/05

Next message: steven_at_lovebug.org: "Discovering and Stopping Phishing/Scam Attacks"

Previous message: CENSORED: "SQL-injections in Invision Power Board v2.0.1"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 25 Apr 2005 21:34:10 -0000
To: bugtraq@securityfocus.com

('binary' encoding is not supported, stored as-is)

Hackers Center Security Group (http://www.hackerscenter.com/)
Zinho's Security Advisory

Desc: Http Splitting leads to email account stealing
Product: SQWebmail
Risk: High

A dangerous http splitting attack can be taken against mailboxes that use Sqwebmail as web mail interface. Anyone can send a malformed link in the email body and stealing session cookie and passwords.

Proof of concept:
///
sqwebmail?redirect=%0d%0a%0d%0a[INJECT SCRIPT]

///

Vendor should patch this issue soon as anyone can attack a user directly.

Author:
Zinho is webmaster and founder of http://www.hackerscenter.com ,
Security research portal
Secure Web Hosting Companies Reviewed:
http://www.securityforge.com/web-hosting/secure-web-hosting.asp

zinho-no-spam @ hackerscenter.com

Next message: steven_at_lovebug.org: "Discovering and Stopping Phishing/Scam Attacks"

Previous message: CENSORED: "SQL-injections in Invision Power Board v2.0.1"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]