Pues escaneé una web (
www.boladedragon.com ) con el sss y me salió esta vulnerabilidad.
SquirrelMail read_body.php Cross Site Scripting Vulnerability
Bugtraq ID: 6302
Class: Input Validation Error
CVE: CAN-2002-1341
Remote: Yes
Local: No
Published: Dec 03 2002 12:00AM
Updated: Dec 03 2002 12:00AM
Credit: The discovery of this vulnerability is credited to "euronymous" <just-a-user @yandex.ru>.
Vulnerable: SquirrelMail SquirrelMail 1.2.10
SquirrelMail SquirrelMail 1.2.9
SquirrelMail SquirrelMail 1.2.8
+ Terra Soft Solutions Yellow Dog Linux 3.0
+ Terra Soft Solutions Yellow Dog Linux 3.0
+ Terra Soft Solutions Yellow Dog Linux 3.0
SquirrelMail SquirrelMail 1.2.7
+ RedHat Linux 8.0
+ RedHat Linux 8.0
+ RedHat Linux 8.0
SquirrelMail SquirrelMail 1.2.6
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Debian Linux 3.0
Y en la pestaña de exploit pone esto:
SquirrelMail read_body.php Cross Site Scripting Vulnerability
No exploit is required for this vulnerability.
Pues eso, como puedo explotar esta vulnerabilidad, porque busqué por google y solo salen un par de páginas que no aclaran nada.
Autor