Date: Wed Sep 12 2001 - 19:28:12 CDT
TOPIC: Myownemail.com accounts vulnerable to script attack.
ADVISORY NR: 200101
VULNERABILITY FOUND AND WRITTEN BY: 1; (One Semicolon)
Myownemail.com was contacted on September 5, 2001 using the support form.
No reply was received.
Myownemail.com is a web-based mail service that lets you choose from a large
number of domains to get a personalized email account. This vulnerability was
tested to work in Internet Explorer 5.5 and Netscape Navigator 4.73.
Whenever you log in to a Myownemail account, the inbox is opened. If you send an email
with a specially formed "from" field, which usually contains a name, you can
Myownemail.com has not yet fixed this to my knowledge.
Recently an advisory was posted on Bugtraq about a similar bug in Hotmail. This
advisory was not written because of that. I found this particular problem on
September 5th. On the same day I contacted Myownemail.com.
I sent Myownemail a simple proof of concept. Because it is easy enough to make
this work, I do not see the need to produce example code.
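
The defensive counterpart to the issue described above, as an added example that is not part of the original advisory and not Myownemail.com's code: a webmail inbox listing that HTML-encodes the sender's display name after decoding it. The function names, the row layout and the sample headers are assumptions constructed for illustration.

```python
import html
from email.header import decode_header, make_header
from email.utils import parseaddr

# Constructed sample "From" headers (not taken from the advisory).
SAMPLE_FROM_HEADERS = [
    'Alice Example <alice@example.com>',
    '"<b>Bob</b>" <bob@example.com>',                    # markup in the name
    '=?utf-8?b?PGk+Q2Fyb2w8L2k+?= <carol@example.com>',  # RFC 2047 "<i>Carol</i>"
]

ROW = "<tr><td>%s</td><td>%s</td></tr>"  # hypothetical inbox row layout


def display_name(from_header):
    """Return the decoded display name, falling back to the address."""
    name, addr = parseaddr(from_header)
    if name:
        try:
            # Decode RFC 2047 encoded-words first, so that escaping below
            # sees the text the browser would actually receive.
            name = str(make_header(decode_header(name)))
        except (LookupError, UnicodeError, ValueError):
            pass  # undecodable encoded-word: keep the raw text
    return name or addr or "(unknown sender)"


def render_row_unsafe(from_header, subject):
    # Weak form: sender-controlled text is placed in the page as-is,
    # so any markup in the name is interpreted by the reader's browser.
    return ROW % (display_name(from_header), subject)


def render_row_safe(from_header, subject):
    # Hardened form: encode every header value for the HTML context
    # at output time, after all transfer decoding is done.
    return ROW % (html.escape(display_name(from_header), quote=True),
                  html.escape(subject, quote=True))


if __name__ == "__main__":
    for header in SAMPLE_FROM_HEADERS:
        print(render_row_safe(header, "hello"))
```

Escaping before the RFC 2047 decode would let the third sample through unencoded, which is why the order in `display_name` and `render_row_safe` matters.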