SSCHADV2012-099 - t-online.de eMail Center - Cross-Site Request Forgery & Cross-site Scripting vulnerabilities
Advisory:          t-online.de eMail Center – Cross-Site Request Forgery & XSS vulnerabilities
Advisory ID:       SSCHADV2012-099
Author:            Stefan Schurtz
Affected Software: Successfully tested on email.t-online.de
Vendor URL:
Vendor Status:     fixed
======================
Vulnerability Description
======================
http://email.t-online.de is prone to multiple CSRF and XSS vulnerabilities
======================
PoC-Exploit
======================
// XSS
XSS is possible via a text or HTML file sent as an attachment that contains the following JavaScript: '"</script><script>alert(/xss/)</script>. When the user opens the attachment, the script executes.
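Why that particular payload works, as an added example that is not code from the advisory or from t-online.de: it models a webmail attachment preview that copies the attachment text into an inline <script> string, which is one injection context the payload is built for (the actual context at email.t-online.de is not stated in the advisory, so this model, the page layout and the function names are assumptions). The point is that escaping quotes for the JavaScript parser is not enough, because the HTML parser ends a script element at the first "</script" it sees.

```javascript
// Added example (not from the advisory or t-online.de). Models an attachment preview
// page that inlines the attachment text into a <script> string; the context is assumed.

// The payload from the advisory.
const PAYLOAD = '\'"</script><script>alert(/xss/)</script>';

// Minimal model of the HTML tokenizer's "script data" state: the content of a
// <script> element ends at the first "</script", whatever the JavaScript inside it
// is doing. Returns the body of every script element the browser would execute.
function scriptBodies(html) {
  const bodies = [];
  const re = /<script\b[^>]*>([\s\S]*?)<\/script/gi;
  let m;
  while ((m = re.exec(html)) !== null) bodies.push(m[1]);
  return bodies;
}

// Vulnerable preview: only backslashes and double quotes are escaped before the text
// is placed inside a JS string literal. That keeps the literal intact for the JS
// parser but does nothing for the HTML parser, which closes the script element at
// the payload's "</script>" and opens a fresh one for "alert(/xss/)".
function renderPreviewVulnerable(attachmentText) {
  const escaped = attachmentText.replace(/\\/g, '\\\\').replace(/"/g, '\\"');
  return '<html><body><pre id="att"></pre>\n' +
    '<script>document.getElementById("att").textContent = "' + escaped + '";</script>\n' +
    '</body></html>';
}

// Safe JS string literal for embedding in HTML: JSON-encode, then replace every "<"
// so neither "</script" nor "<!--" can appear in the output, and escape the two line
// terminators that JSON allows raw but older JS string literals reject.
function jsStringLiteral(s) {
  return JSON.stringify(s)
    .replace(/</g, '\\u003c')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

// Hardened preview: the same page, with the literal built by jsStringLiteral.
function renderPreviewHardened(attachmentText) {
  return '<html><body><pre id="att"></pre>\n' +
    '<script>document.getElementById("att").textContent = ' +
    jsStringLiteral(attachmentText) + ';</script>\n' +
    '</body></html>';
}

// Count the script elements a browser would run for each rendering of the payload.
function demo() {
  return {
    rawHtmlAttachment: scriptBodies(PAYLOAD).length,                       // 1
    vulnerablePreview: scriptBodies(renderPreviewVulnerable(PAYLOAD)).length, // 2
    hardenedPreview: scriptBodies(renderPreviewHardened(PAYLOAD)).length,     // 1
  };
}
```

scriptBodies(PAYLOAD) also covers the simpler case where an HTML attachment is served inline from the webmail origin: then no breakout is needed, the file's own <script> runs. For that case the fix is not escaping but serving user-supplied files with Content-Disposition: attachment, X-Content-Type-Options: nosniff, and ideally from a separate origin so that any script that does run is not in the mailbox's origin.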
// CSRF
The following state-changing actions can be triggered by CSRF: logging the user out, deactivating spam detection, and setting a new e-mail forwarding address.
======================
Solution
======================
fixed
======================
Disclosure Timeline
======================
08-Sep-2012 – T-online Support informed (info@telekom.de)
08-Sep-2012 – heise Security informed
11-Sep-2012 – Telekom Security Team informed by heise Security
13-Oct-2012 – fixed by vendor
======================
Credits
======================
Vulnerabilities found and advisory written by Stefan Schurtz.
======================
References
======================
http://www.darksecurity.de/advisories/2012/SSCHADV2012-099.txt