Title:
139 E-mail worm written examples Download
Description: On mail.139.com, lax filtering of the message body leads to an XSS flaw that causes the browser to read a remote JS script and execute it. The script can IE browsers. Analysis also shows that the send-mail function of mail.139.com has a CSRF vulnerability: mail can be sent by using Ajax to obtain the required mid value. In addition, the contact e-mail addresses in the mailbox's "address book" can be removed directly through JavaScript.
File list (Check if you may need any files):
139邮箱蠕虫编写实例\139邮箱蠕虫编写实例 .txt
139邮箱蠕虫编写实例