详情
source: https://www.securityfocus.com/bid/5763/info
SquirrelMail is a feature rich webmail program implemented in the PHP4 language. It is available for Linux and Unix based operating systems.
Multiple cross site scripting vulnerabilities have been discovered in various PHP scripts included with SquirrelMail. By including embedded commands into a malicious link, it is possible for an attacker to execute HTML and script code on a web client in the context of the site hosting the webmail system.
This issue was reported for SquirrelMail 1.2.7, earlier versions may also be affected.
http://.net/webmail/src/addressbook.php?"> http://.net/webmail/src/search.php?mailbox=&wha
t=x&where=BODY&submit=Search
http://.net/webmail/src/search.php?mailbox=INBOX&what=x&where=&submit=Search
http://.net/webmail/src/help.php?chapter=
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
请登录后查看评论内容