Computer Security
[EN] securityvulns.ru

From: luny_(at)_youfucktard.com <luny_(at)_youfucktard.com>
Date: 11.06.2006
Subject: Tempinbox.com

Tempinbox.com

Homepage:
http://www.tempinbox.com

Affected files:
checkmail.pl

Description:

Tempinbox.com is a free, throwaway, no-sending email service. You enter an account name and you can
instantly check email.

XSS Vulnerability:

It seems the title of emails and subjects are not sanitized, so if a user were to put <IMG
SRC=javascript:alert('XSS')> as a title or subject of an email, and then someone went to view it, an XSS
attack could occur.
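The fix for this class of bug is output encoding of the subject at render time. The sketch below is an added example, not code from Tempinbox.com or its checkmail.pl: it renders an inbox row from constructed sample messages with and without escaping, and shows that escaping must come after MIME decoding, since the same markup can arrive inside an RFC 2047 encoded-word. The function names and the table-row markup are assumptions.

```python
import html
from email import message_from_string
from email.header import Header, decode_header, make_header

# The subject string quoted in the advisory above.
PAYLOAD = "<IMG SRC=javascript:alert('XSS')>"

# Constructed sample messages (not real traffic). The second carries the same
# markup as an RFC 2047 encoded-word, so it is only visible after decoding.
RAW_MESSAGES = [
    "From: a@example.test\nSubject: %s\n\nbody\n" % PAYLOAD,
    "From: b@example.test\nSubject: %s\n\nbody\n" % Header(PAYLOAD, "utf-8").encode(),
    "From: c@example.test\nSubject: Lunch & learn\n\nbody\n",
]


def decoded_subject(raw):
    """Return the Subject header as text, with encoded-words decoded."""
    msg = message_from_string(raw)
    return str(make_header(decode_header(msg.get("Subject", ""))))


def render_row_unsafe(raw):
    """Behaviour the advisory describes: subject copied into HTML as-is."""
    return "<tr><td>%s</td></tr>" % decoded_subject(raw)


def render_row_safe(raw):
    """Escape at output time, after decoding; quote=True also covers
    the case where the value is later placed in an HTML attribute."""
    return "<tr><td>%s</td></tr>" % html.escape(decoded_subject(raw), quote=True)


if __name__ == "__main__":
    for raw in RAW_MESSAGES:
        print("unsafe:", render_row_unsafe(raw))
        print("safe:  ", render_row_safe(raw))
```

Filtering the raw header text for `<` before decoding would miss the second message, which is why the escape is applied to the decoded value at the point of output.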

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod