Skip to content

Shame on me ;-)

I totally forget to publish my Security Advisory about some Cross-Site Request Forgery & Cross-site Scripting vulnerabilities on http://t-online.de. So I published it today.
 
And here is the link to the advisory SSCHADV2012-099 and here are some pictures about the XSS by html file (1, 2), txt file (1, 2, 3) and two videos about the CSRF vulnerabilities :)
 
Continue reading "Shame on me ;-)"

SSCHADV2012-099 - t-online.de eMail Center - Cross-Site Request Forgery & Cross-site Scripting vulnerabilities

Advisory:
t-online.de eMail Center – Cross-Site Request Forgery  & XSS vulnerabilities
Advisory ID:
SSCHADV2012-099
Author:
Stefan Schurtz
Affected Software:
Successfully tested on email.t-online.de
Vendor URL:
Vendor Status:
fixed
 
======================
Vulnerability Description
======================
 
http://email.t-online.de is prone to multiple CSRF and XSS vulnerabilities
 
Continue reading "SSCHADV2012-099 - t-online.de eMail Center - Cross-Site Request Forgery & Cross-site Scripting vulnerabilities"
Imprint | Contact | Privacy Statement