bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
exploit-db-mirror/exploits/php/webapps/47988.txt
Offensive Security 8683ee3eea DB: 2020-02-04 
8 changes to exploits/shellcodes

BearFTP 0.1.0 - 'PASV' Denial of Service
P2PWIFICAM2 for iOS 10.4.1 - 'Camera ID' Denial of Service (PoC)

Jobberbase 2.0 CMS - 'jobs-in' SQL Injection
IceWarp WebMail 11.4.4.1 - Reflective Cross-Site Scripting
phpList 3.5.0 - Authentication Bypass
Jira 8.3.4 - Information Disclosure (Username Enumeration)
Schneider Electric U.Motion Builder 1.3.4 - Authenticated Command Injection
School ERP System 1.0 - Cross Site Request Forgery (Add Admin)
2020-02-04 05:02:00 +00:00

34 lines
No EOL
1.4 KiB
Text
Raw Blame History

# Title: IceWarp WebMail 11.4.4.1 - Reflective Cross-Site Scripting
# Date: 2020-01-27
# Author: Lutfu Mert Ceylan
# Vendor Homepage: www.icewarp.com
# Tested on: Windows 10
# Versions: 11.4.4.1 and before
# Vulnerable Parameter: "color" (Get Method)
# Google Dork: inurl:/webmail/ intext:Powered by IceWarp Server
# CVE: CVE-2020-8512
# Notes:
# An attacker can use XSS (in color parameter IceWarp WebMail 11.4.4.1 and
# before)to send a malicious script to an unsuspecting Admins or users. The
# end admins or useras browser has no way to know that the script should not
# be trusted, and will execute the script. Because it thinks the script came
# from a trusted source, the malicious script can access any cookies, session
# tokens, or other sensitive information retained by the browser and used
# with that site. These scripts can even rewrite the content of the HTML
# page. Even an attacker can easily place users in social engineering through
# this vulnerability and create a fake field.
# PoC:
# Go to Sign-in page through this path: http://localhost/webmail/ or
http://localhost:32000/webmail/
# Add the "color" parameter to the URL and write malicious code, Example:
http://localhost/webmail/?color="><svg/onload=alert(1)>
# When the user goes to the URL, the malicious code is executed
Example Vulnerable URL: http://localhost/webmail/?color=
"><svg/onload=alert(1)>
Reference in a new issue View git blame Copy permalink