Risks
Vulnerabilities
Browse by
Mail.com Cross Site Scripting Vulnerability
04 January 2002
Bookmark and Share
----------------------------------------------
Mail.com Cross Site Scripting Vulnerability
Ministry-of-Peace - www.ministryofpeace.co.uk
----------------------------------------------

SYNOPSIS

Mail.com offers free webmail services, which are used by tens of thousands of people around the world. The site suffers from a CSS vulnerability, giving a malicious user the ability to view the site cookies of any user currently logged in.

IMPACT

If a malicious user can get the mail.com user to follow a simple link, then they can grab that users mail.com cookies and possibly use them to authenticate as that user.

WORKING EXAMPLE

Log into your mail.com account, and then go to:

http://mymail.mail.com/scripts/common/forgotpasswd.cgi?login=
<p><script>document.writeln(document.cookie)</
script></p>

CREDITS

Vulnerability discovered by Digital Shadow.

INFO

Security Advisory #03
Published: 03rd January 2002




Spotlight

The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Aug 28th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //