|Captaris WebMail XSS Vulnerability|
I figured it was about time I hopped on the XSS band-wagon. XSS against webmail clients is actually
mildy interesting and the example CGI script I created provides a good base framework for similar attacks.
Captaris (www.captaris.com) Infinite WebMail application is vulnerable to
Cross-Site Scripting (XSS) attacks. The application fails to filter the
following tags that can both be used to redirect a user to an attack script:
Launch on e-mail open:
Launch on mouse over:
<b onMouseOver= "document.location=
I am sure there are other XSS attack methods that can also be utilized to
bypass their basic filtering.
A sample vulnerable service is provided by dog.com (www.dogmail.com), they are
running WebMail v3.61.05. A sample cookie and mail logger script that will
retrieve all of the messages in the users main mailbox has been written and is available at the link shown above.