Advisory: t-online.de eMail Center - Cross-Site Request Forgery & Cross-Site Scripting vulnerability
Advisory ID: SSCHADV2012-099
Author: Stefan Schurtz
Affected Software: Successfully tested on email.t-online.de
Vendor URL: http://www.t-online.de
Vendor Status: fixed

==========================
Vulnerability Description
==========================

http://email.t-online.de is prone to multiple CSRF and XSS vulnerabilities.

==========================
PoC-Exploit
==========================

// XSS

XSS is possible via a text or HTML file sent as an attachment that includes the following JavaScript: `'"`. When the user opens the attachment, the XSS is executed.

// CSRF

It is possible to log out a user, to deactivate the spam detection and to set a new e-mail forwarding address.

==========================
Solution
==========================

fixed

==========================
Disclosure Timeline
==========================

08-Sep-2012 - T-Online Support informed (info@telekom.de)
08-Sep-2012 - heise Security informed
11-Sep-2012 - Telekom Security Team informed by heise Security
13-Oct-2012 - fixed by vendor

==========================
Credits
==========================

Vulnerabilities found and advisory written by Stefan Schurtz.

==========================
References
==========================

http://www.darksecurity.de/advisories/2012/SSCHADV2012-099.txt
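The two issue classes above share a common server-side fix: attachments uploaded by mail senders must never be rendered inline on the webmail origin, and state-changing mailbox actions (logout, spam filter, forwarding) must be bound to the logged-in session with a token the attacker cannot obtain. The following is an added example written for this advisory, not the vendor's code and not part of the original text; the helper names, the `https://email.example` origin and the session identifiers are constructed placeholders.

```python
"""Defensive handling for webmail attachments and settings changes.

Added example (not the vendor's code): shows the response headers that keep an
attachment from executing as a page, and a CSRF gate for mailbox settings.
"""
import hashlib
import hmac
import re
from typing import Dict

# MIME types a browser would execute or render as a document if shown inline.
ACTIVE_TYPES = {
    "text/html", "application/xhtml+xml", "image/svg+xml",
    "text/xml", "application/xml", "text/javascript", "application/javascript",
}


def attachment_headers(filename: str, declared_type: str) -> Dict[str, str]:
    """Headers for serving a sender-supplied attachment.

    The file is always offered for download rather than rendered inline, the
    browser is told not to sniff the type (so a .txt full of markup stays text),
    and active types are downgraded to an opaque binary type. A CSP sandbox is a
    second line of defence for clients that ignore the disposition.
    """
    # Restrict the filename to a safe character set so it cannot break the header.
    safe_name = re.sub(r"[^A-Za-z0-9._-]", "_", filename) or "attachment"
    ctype = declared_type.split(";")[0].strip().lower()
    if not ctype or ctype in ACTIVE_TYPES:
        ctype = "application/octet-stream"
    return {
        "Content-Type": ctype,
        "Content-Disposition": f'attachment; filename="{safe_name}"',
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "sandbox; default-src 'none'",
        "Cache-Control": "no-store",
    }


def make_csrf_token(session_id: str, secret: bytes) -> str:
    """Derive a per-session CSRF token bound to the login session (HMAC-SHA256)."""
    return hmac.new(secret, session_id.encode(), hashlib.sha256).hexdigest()


def authorize_settings_change(method: str, session_id: str, secret: bytes,
                              submitted_token: str, origin: str,
                              site_origin: str) -> bool:
    """Gate for state-changing mailbox actions (logout, spam filter, forwarding).

    Accepts only POST requests whose token matches the session's token
    (constant-time comparison) and whose Origin header, when present, is the
    webmail site itself. A cross-site form or image request fails every branch.
    """
    if method.upper() != "POST":
        return False
    expected = make_csrf_token(session_id, secret)
    if not hmac.compare_digest(expected, submitted_token or ""):
        return False
    if origin and origin != site_origin:
        return False
    return True


if __name__ == "__main__":
    # Constructed sample values, not taken from the advisory.
    secret = b"constructed-test-secret-do-not-reuse"
    print(attachment_headers("notes.html", "text/html; charset=utf-8"))
    token = make_csrf_token("sess-1", secret)
    print(authorize_settings_change("POST", "sess-1", secret, token,
                                    "https://email.example", "https://email.example"))
    print(authorize_settings_change("GET", "sess-1", secret, token,
                                    "", "https://email.example"))
```

Note that the token is derived from the session identifier rather than stored, so it is invalidated automatically when the session ends; a real deployment would also rotate `secret` and keep the session id out of URLs.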