{"hash": "b5935eb914582764174ecbbbc770ee739bbfd5ab64996d6290a548e39394558d", "sourceHref": "https://packetstormsecurity.com/files/download/43584/neomailXSS.txt", "title": "neomailXSS.txt", "id": "PACKETSTORM:43584", "published": "2006-02-04T00:00:00", "description": "", "modified": "2006-02-04T00:00:00", "sourceData": "`Title: Neomail Cross Site Scripting \n \nAuthor: Simo Ben youssef aka _6mO_HaCk <simo_at_morx_org> \nDiscovered: 24 january 2005 \nPublished: 02 february 2006 \nMorX Security Research Team \nhttp://www.morx.org \n \nService: Webmail Perl Client \n \nVendor: neomail / www.neocodesolutions.com \n \nVulnerability: Cross Site Scripting / Cookie-Theft / Relogin attacks \n \nSeverity: Medium/High \n \nDetails: \n \nNeoMail is a free open-source perl web-based e-mail client that can be \ninstalled on any UNIX mail server that is also running a web server. With \nthousands of installations worldwide, neomail has many features like \nSending/receiving messages with multiple attachments, inline image \nattachment display Friendly, attractive, icon-based user interface, \nmultiple language support, including English, Spanish, German, French, \nHungarian, Italian, Dutch, Polish, Portuguese, Norwegian, Romanian, \nRussian, Slovak, and more can be added easily ... configurable limits on \noutgoing attachment size, folder disk usage, addressbook size... users can \nimport their address book from Outlook Express or Netscape Mail in CSV \nformat and more. neomail.pl is prone to cross-site scripting attacks. This \nproblem is due to a failure in the script to properly sanitize \nuser-supplied input. input can be passed in variable $date \n \nImpact: \n \nan attacker can exploit the vulnerable scripts to have arbitrary script \ncode executed in the browser of an authentified \nneomail user in the context of the vulnerable website. resulting in the \ntheft of cookie-based authentication giving the \nattacker full access to the victim's neomail email account as well as \nother type of attacks. \n \n \nAffected script with proof of concept exploit: \n \n/neomail.pl?sessionid=XXXX-session-0.9565905XXXXXXXX&sort=date\"><script>alert('vul')</script>&folder&action=displayheaders&firstmessage=1 \n \nExamples: \n \nhttp://www.vulnerable-site.com/neomail.pl?sessionid=XXXX-session-0.9565905XXXXXXXX&sort=date\"><script>alert('vul')</script>&folder=&action=displayheaders&firstmessage=1 \n \nDisclaimer: \n \nthis entire document is for eductional, testing and demonstrating purpose \nonly. Modification use and/or publishing this information is entirely on \nyour OWN risk. The information provided in this advisory is to be \nused/tested on your OWN machine/Account. I cannot be held responsible for \nany of the above. \n`\n", "reporter": "_6mO_HaCk", "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d4be9c4fc84262b4f39f89565918568f"}, {"key": "description", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "href", "hash": "4d1d507d23a86b8c55024f8eed4c982c"}, {"key": "modified", "hash": "1c84a978bc9f500bec3cf43e2c25e48b"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "1c84a978bc9f500bec3cf43e2c25e48b"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "4b551459b281a3c792d674177206bf37"}, {"key": "sourceData", "hash": "47b0b6ea0408cdd51d629a102590ab0e"}, {"key": "sourceHref", "hash": "83fce89c2179b60226181216ee8f1422"}, {"key": "title", "hash": "a15357b84a0856bd6a3bae999b24499e"}, {"key": "type", "hash": "6466ca3735f647eeaed965d9e71bd35d"}], "cvss": {"vector": "NONE", "score": 0.0}, "references": [], "type": "packetstorm", "cvelist": [], "history": [], "bulletinFamily": "exploit", "objectVersion": "1.2", "edition": 1, "href": "https://packetstormsecurity.com/files/43584/neomailXSS.txt.html", "lastseen": "2016-11-03T10:29:22", "viewCount": 0, "enchantments": {"vulnersScore": 0.0}}

{"result": {}}