+====================================================================+
+      SocketMail <=2.2.1 (XSS) Multiple Remote Vulnerabilities      +
+====================================================================+


Author(s): Ivan Sanchez  &  Maximiliano Soler.

Product: SocketMail.

Description: SocketMail is a powerful, scalable and fully customisable e-mail
solution. Ideal messaging solution for sizes web site and enterprises.

Web: http://www.socketmail.com/site/home/

Versions: 2.2.1 (or less)

Date: 19/10/2007




GOOGLE DORKS:
------------
[+] intext:"Powered by SocketMail version"



EXPLOIT:
--------

For example, the injection point is the value of the "lost_id" variable:

http://www.[DOMAIN].tld/[PATH]/lostpwd.php?lost_id=[XSS]
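
A detection sketch for the issue above, added here as an example and not part of the original advisory: it scans web-server access log lines for requests to lostpwd.php whose lost_id value decodes to HTML markup characters. The combined log format, the sample lines and the premise that legitimate lost_id values never contain such characters are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Request line of a combined-format access log entry (the format is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: legitimate lost_id values never contain HTML metacharacters.
MARKUP_RE = re.compile(r'[<>"\'`]')

# Constructed sample lines (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Oct/2007:10:01:02 +0000] "GET /mail/lostpwd.php?lost_id=8f3a91c2 HTTP/1.1" 200 2310',
    '192.0.2.44 - - [19/Oct/2007:10:03:40 +0000] "GET /mail/lostpwd.php?lost_id=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 2388',
    '192.0.2.44 - - [19/Oct/2007:10:03:55 +0000] "GET /mail/lostpwd.php?lost_id=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 2371',
    '192.0.2.10 - - [19/Oct/2007:10:05:11 +0000] "GET /mail/index.php?q=%3Cb%3E HTTP/1.1" 200 912',
]


def decode_fully(value, max_rounds=3):
    """Undo repeated percent-encoding, e.g. %253C -> %3C -> <."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_lost_id(log_line):
    """Return the decoded lost_id if the line is a lostpwd.php request
    whose lost_id carries markup characters, otherwise None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    target = urlsplit(match.group(1))
    if not target.path.lower().endswith("/lostpwd.php"):
        return None
    # parse_qs removes one layer of percent-encoding; decode_fully removes the rest.
    for raw in parse_qs(target.query, keep_blank_values=True).get("lost_id", []):
        value = decode_fully(raw)
        if MARKUP_RE.search(value):
            return value
    return None


def scan(lines):
    """Return (line_number, decoded_value) for every flagged log line."""
    found = ((n, suspicious_lost_id(line)) for n, line in enumerate(lines, 1))
    return [(n, value) for n, value in found if value is not None]
```

Calling `scan(SAMPLE_LOG)` flags the second and third sample lines, including the double-encoded one that a single decoding pass would miss.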




NULL CODE SERVICES [ www.nullcode.com.ar ] Hunting Security Bugs!

-- 
     Maximiliano Soler.
  Reports & Review Code.

    Null Code Services.
    www.nullcode.com.ar
