About once a month or less I am actually amazed by something in web application security. Most of the time it’s when two technologies that are otherwise not connected suddenly are used against one another. Well, this time is no different. Wade sent me a link to a paper he wrote and published that for some reason never made it out into the world. Well, this is one of those few papers that amazed me, so I’m making it my job to tell people about it. Wade has demonstrated that IMAP is vulnerable to cross-site scripting. Wow.
Wow. Pretty cool stuff, and pretty straightforward when you think about it. I don’t know if IMAP 4 is vulnerable, but IMAP 3 is, so additional testing might be required. This is yet another example of how the internet is basically Swiss cheese: by using two completely unrelated protocols you can gain access to an otherwise hardened machine using the administrator’s credentials or from behind the firewall.