Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

neomailXSS.txt

🗓️ 04 Feb 2006 00:00:00Reported by _6mO_HaCkType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 43 Views

Neomail Cross Site Scripting vulnerability in neomail.pl allows arbitrary script execution, cookie theft, and relogin attacks impacting user email accounts

Code
`Title: Neomail Cross Site Scripting  
  
Author: Simo Ben youssef aka _6mO_HaCk <simo_at_morx_org>  
Discovered: 24 january 2005  
Published: 02 february 2006  
MorX Security Research Team  
http://www.morx.org  
  
Service: Webmail Perl Client  
  
Vendor: neomail / www.neocodesolutions.com  
  
Vulnerability: Cross Site Scripting / Cookie-Theft / Relogin attacks  
  
Severity: Medium/High  
  
Details:  
  
NeoMail is a free open-source perl web-based e-mail client that can be  
installed on any UNIX mail server that is also running a web server. With  
thousands of installations worldwide, neomail has many features like  
Sending/receiving messages with multiple attachments, inline image  
attachment display Friendly, attractive, icon-based user interface,  
multiple language support, including English, Spanish, German, French,  
Hungarian, Italian, Dutch, Polish, Portuguese, Norwegian, Romanian,  
Russian, Slovak, and more can be added easily ... configurable limits on  
outgoing attachment size, folder disk usage, addressbook size... users can  
import their address book from Outlook Express or Netscape Mail in CSV  
format and more. neomail.pl is prone to cross-site scripting attacks. This  
problem is due to a failure in the script to properly sanitize  
user-supplied input. input can be passed in variable $date  
  
Impact:  
  
an attacker can exploit the vulnerable scripts to have arbitrary script  
code executed in the browser of an authentified  
neomail user in the context of the vulnerable website. resulting in the  
theft of cookie-based authentication giving the  
attacker full access to the victim's neomail email account as well as  
other type of attacks.  
  
  
Affected script with proof of concept exploit:  
  
/neomail.pl?sessionid=XXXX-session-0.9565905XXXXXXXX&sort=date"><script>alert('vul')</script>&folder&action=displayheaders&firstmessage=1  
  
Examples:  
  
http://www.vulnerable-site.com/neomail.pl?sessionid=XXXX-session-0.9565905XXXXXXXX&sort=date"><script>alert('vul')</script>&folder=&action=displayheaders&firstmessage=1  
  
Disclaimer:  
  
this entire document is for eductional, testing and demonstrating purpose  
only. Modification use and/or publishing this information is entirely on  
your OWN risk. The information provided in this advisory is to be  
used/tested on your OWN machine/Account. I cannot be held responsible for  
any of the above.  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
04 Feb 2006 00:00Current
7.4High risk
Vulners AI Score7.4
neomailcross site scriptingcookie-theftrelogin attackswebmailperl clientvulnerabilityseveritymorx security research teamneomailneocodesolutions.comunix mail serverweb serverxssauthenticationvulnerable websiteexploit
43