Doste khob...feker konam az Ettelaati keh dar file hayeh ****i ha Sabt mishan bakhabari....
Behtarin Soee estefadee keh mitone beshe,,
fahmindan list site hayee keh shoma be ona miri va aghe to on site az user password ee wared mikonee ..... in user pass ro file ****i sabt mishe.. albate aksare site ha in ejazaro be karbar midan keh in kar ba entekhab anjam she..maslan Site shabgard org in karo to halate defaultesh anjam mide..yani yeh bar keh user passwordeto dadi bara bare dowom nemikhad.. in kar ba ghereftan user va password Hash shodeyeh shoma anjam mishe........
hala... aghe ba ye Bug beshe in ****i ro ro systeme khodet Enteghal bedi... mitonee be rahati be jayeh on fard warede siteee beshi keh on taraf be on ozve........
Salam mohandes...ini ro ke mikhai man taghriban parsal barnamash ro neveshtam...moteasefane yeki nist be in microsofte ahmagh bege ke in buge hijack ****ie ro pach kone..albate nage behtare;) ta alanesh ke man daram in post ro minevisam ravesham kar mikone...****ie ro ba ye asp az tooye buffer haye ie mikhoonam o to ye file txt minevisam...bad mohtaviyate oon ro to ye ghesmat az hafzeye ie ke age daghighe ro bekhai behet migam mizaram...hamin!hala mizany mail.yahoo.com va tooye mail boxe tarafy..passwordesham avaz kone bazam kar mikone...hich rahy nadare moteasefane ya khosbakhtane)
De******ion: An input validation vulnerability was reported in the Eudora WorldMail Server. A remote user can conduct cross-site ******ing attacks against e-mail users.
exploitlabs.com reported that a search feature does not filter HTML code from user-supplied input when displaying the input. A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary ******ing code to be executed by the target user's browser. The code will originate from the site running the Eudora WorldMail Server software and will run in the security context of that site. As a result, the code will be able to access the target user's ****ies (including authentication ****ies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Impact: A remote user can access the target user's ****ies (including authentication ****ies), if any, associated with the site running the Eudora WorldMail Server software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target use
Çíäã ÇÕá ÞÊæ
VUNERABILITY / EXPLOIT
======================
Vunerable hosts display the following:
-------------- snip ----------------------
A convenient hypertext interface to LDAP and X.500 Directories.
Local domains and aliases
Results for: entries at the top level
Name De******ion
Countries
AE <---------------- example country
IT
CA
--------------- snip --------------------
Select a country ( "AE" used as example )
you should see something like the following..
the results are rendered by the output of the formatted html.
yes, it just a non persistant XSS, but this is running as a service on
port 8888 and is a mail processing server, so there may be other issues
( DoS ? ) as well.
I belive LDAP has some DCOM connectivity as well, and there could be issies
with the LDAP...
SLAPD or X.500 Error: Not found
An error occurred while searching the SLAPD or X.500 directory
The error code was 32:
No such object.
No additional information is available.Please report errors to the
Administrator.
Comment