Re: Sun java System Messenger Express XSS



Interesting, but I don't yet see any possibility of an attack.

URL like

http://host/?user=xdfa&error=%3Cscript%3Ealert('hakin9')%3C/script%3E

is generated when a user login fails and the JES webmail server issues an HTTP redirect.

The webmail server itself will not issue a URL like that unless the proxy server which the browser connects to gets hacked. But if a proxy server gets hacked, that is the end of the game. Your BofA account, stock accounts are all compromised, which has nothing to do with the JES messaging server itself.

Secondly, one can look closer at what harm that URL can do. Nothing. That URL points to a LOGIN page where users have NOT logged in. With no credential/cookie/session, a static login page cannot lead to any attack.
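The reflection the message quotes, as an added example that is not part of the original post and not Sun's code: a minimal Python sketch of a login page that echoes the `error` query parameter set by the failed-login redirect, first verbatim and then HTML-escaped, so the reported behaviour and the usual mitigation (output encoding at render time) sit side by side. The handler names, the markup and the `host` in the sample URL are assumptions made for illustration.

```python
import html
from urllib.parse import parse_qs, urlparse

# Constructed sample, modelled on the URL quoted in the post (hypothetical host).
SAMPLE_URL = "http://host/?user=xdfa&error=%3Cscript%3Ealert('hakin9')%3C/script%3E"


def query_params(url: str) -> dict:
    """Decode the query string into a flat dict (first value per key)."""
    parsed = parse_qs(urlparse(url).query, keep_blank_values=True)
    return {key: values[0] for key, values in parsed.items()}


def render_login_unsafe(params: dict) -> str:
    """Login page that interpolates the redirect's error text verbatim.

    This is the pattern behind the report: whatever arrives in `error`
    becomes part of the page's markup, so a <script> element carried in
    the parameter is emitted as a real script element.
    """
    error = params.get("error", "")
    user = params.get("user", "")
    return (
        f"<p class='error'>{error}</p>"
        f"<form><input name='user' value='{user}'></form>"
    )


def render_login_safe(params: dict) -> str:
    """Same page with HTML output encoding applied to every reflected value.

    html.escape(..., quote=True) turns <, >, &, " and ' into entities, so
    the browser displays the error text instead of interpreting it.
    """
    error = html.escape(params.get("error", ""), quote=True)
    user = html.escape(params.get("user", ""), quote=True)
    return (
        f"<p class='error'>{error}</p>"
        f"<form><input name='user' value='{user}'></form>"
    )


def has_raw_script_tag(markup: str) -> bool:
    """Crude check used here only to show which rendering still carries markup."""
    return "<script" in markup.lower()


def reflected_param_looks_like_markup(params: dict, name: str = "error") -> bool:
    """Defender-side check for access logs: a server-issued error message
    should never contain characters that open or close an HTML element."""
    return any(ch in params.get(name, "") for ch in "<>")


if __name__ == "__main__":
    p = query_params(SAMPLE_URL)
    print("decoded error param:", p["error"])
    print("unsafe render:", render_login_unsafe(p))
    print("safe render:  ", render_login_safe(p))
    print("markup in error param:", reflected_param_looks_like_markup(p))
```

Escaping at output time removes the reflection regardless of how the URL reached the browser, and it costs nothing on a page that has no session to protect. The `reflected_param_looks_like_markup` helper is the kind of check a defender can run over web server logs to spot requests whose `error` parameter carries markup rather than a plain message.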
