Mail.com Media Corp. is an American digital media company controlled and operated by Jay Penske.The company owns and operates Mail.com, a free email service with over 14,434,646 registered accounts that competes with Gmail and Yahoo! Mail, and also serves as a news and topical web portal.
Cross site scripting remains a major issue nowadays in web site and one such issue exists in the famous email service provider "Mail.com".
you can watch a proof of concept :
Mail.com Persistent XSS from dito2 on Vimeo.
The attacker can send xss scripts to the victims who are registered in mail.com either to
steal thier cookies or can also redirect them to the attacker's fake page so that the user becomes a victim of phishing.The ways are many.
Hope these loopholes are fixed as soon as possible
search
Custom Search
Friday, August 20, 2010
Persistent XSS (Cross-site scripting) in Mail.com
Subscribe to:
Post Comments (Atom)
When reproducing our materials in whole or in part, hyperlink to the articles should be strictly made
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 India License.
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 India License.
Posts
No comments:
Post a Comment