| Welcome to Masterproduction. We hope you enjoy your visit. You're currently viewing our forum as a guest. This means you are limited to certain areas of the board and there are some features you can't use. If you join our community, you'll be able to access member-only sections, and use many member-only features such as customizing your profile, sending personal messages, and voting in polls. Registration is simple, fast, and completely free. Join our community! If you're already a member please log in to your account to access all of our features: |
| cXssTester: Checking email s3rvices for teh pr3sen | |
|---|---|
| Tweet Topic Started: Apr 21 2008, 03:49 AM (124 Views) | |
|
|
Apr 21 2008, 03:49 AM Post #1 |
![]()
|
![]() Description socks This script sends a letter to arbitrary values email headlines Features: Support socks proxy Checking all common header (as opposed tester LittleLamer'a checked not only filtering message body, but also the possibility of XSS in the major headlines letter) Easily edited template sending data Two ways to send mail: Sending letters without the use of third-party SMTP servers (script gets MX record DNS) Sending letters by the specified SMTP server with the ability authentication Use Sending a letter to your email and checking the source code received letters. E-mail - our email Message - file with HTML code to verify filtration body html-mails Clicking on the Advanced button, you can easily change the headings or specify their own. The new version [1.0.1]: Now it is possible to create / edit messages from the script (message editor) Added attachment 2: swf pdf and, as at some services when downloading data files may compliance in the context of a domain email service. For example, the m il.ru and possibly execution of arbitrary js, as the code at boot swf files (for use in flash js clips can be used getURL function ( "java script: alert ('1')"); or method call ExternalInterface class). When downloading a pdf file of IE is also possible execution js. For larger chance of success may be to send the victim a reference to any site, which is going to send the victim referer (address letters). Based on this referer'a attachment can be obtained from the address on it and redirect the victim (redirect) Added data in a standard template to test communications service on the vulnerability CDDAF The bug related to the proxy, and a few minor bugs cXssTester Download:
|
![]() |
|
| mw_ | Apr 21 2008, 06:51 PM Post #2 |
|
tHa ShItE!
![]()
|
I tested it. It's great your good
Thanks you. |
![]() |
|
Nick
|
Apr 21 2008, 07:46 PM Post #3 |
|
Old School Metal
![]()
|
Scanned and clean. - Nick |
![]() |
|
| « Previous Topic · Security · Next Topic » |











7:34 PM Jul 11