Persistent XSS (Cross-site scripting) in Mail.com | Ethical Security


Friday, August 20, 2010

Persistent XSS (Cross-site scripting) in Mail.com

Mail.com Media Corp. is an American digital media company controlled and operated by Jay Penske. The company owns and operates Mail.com, a free email service with over 14,434,646 registered accounts that competes with Gmail and Yahoo! Mail, and also serves as a news and topical web portal.


Cross-site scripting remains a major issue in websites today, and one such issue exists in the famous email service provider "Mail.com".






You can watch a proof of concept:

Mail.com Persistent XSS from dito2 on Vimeo.


An attacker can send XSS scripts to victims who are registered on Mail.com, either to steal their cookies or to redirect them to the attacker's fake page so that the user becomes a victim of phishing. The ways are many.

Hope these loopholes are fixed as soon as possible.

When reproducing our materials in whole or in part, a hyperlink to the articles should strictly be made. This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 India License.