Computer Security



Related information

  Microsoft Outlook Web Access crossite scripting

  Microsoft Security Bulletin MS05-029 Vulnerability in Outlook Web Access for Exchange Server 5.5 Could Allow Cross-Site Scripting Attacks (895179)

  HTTP Response Splitting vulnerability in Microsoft Outlook Web Access for Exchange 5.5

  Microsoft Security Bulletin MS04-026 Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting and Spoofing Attacks (842436)

  Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting Attack (Microsoft Security Bulletin MS03-047)

From: Hugo Vázquez Caramés <overclocking_a_la_abuela_(at)_hotmail.com>
Date: 10.07.2003
Subject: Domain User Credentials access via OWA XSS



In my previous post about OWA XSS I talked about Cross
Site Scripting in the attachment field of a mail. The
XSS is not in the attachment; it is in the body of the
message.
Sorry, I need to sleep...
Please notice: not in the attachment, in the BODY.

To make it clear, I have just published on
my site (www.infohacking.com) a report explaining how
to reproduce this bug in a real environment with a
proof-of-concept exploit.

Our code is able to exploit the XSS on the Outlook Web
Access to show the user cookie and the Windows domain,
username and password in cleartext.

Have fun!

Hugo Vázquez Caramés & Toni Cortés Martínez
Infohacking Research 2003
Barcelona
Spain
