BasiliX Webmail 1.1 Email Header HTML Injection Vulnerability

2004-07-05T00:00:00
ID EDB-ID:24254
Type exploitdb
Reporter Roman Medina-Heigl Hernandez
Modified 2004-07-05T00:00:00

Description

BasiliX Webmail 1.1 Email Header HTML Injection Vulnerability. Webapps exploit for cgi platform

                                        
                                            source: http://www.securityfocus.com/bid/10662/info

BasiliX Webmail is reported to be prone to an email header HTML injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied email header strings.

An attacker can exploit this issue to gain access to an unsuspecting user's cookie based authentication credentials; disclosure of personal email is possible. Other attacks are also possible.

Content-Type: application/octet-stream"<script>window.alert(document.cookie)</script>"; name=top_secret.pdf