Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Atmail WebMail Cross Site Scripting

🗓️ 21 Sep 2010 00:00:00Reported by Vicente Aguilera DiazType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 27 Views

Atmail WebMail XSS Vulnerability in Login Proces

Code
`=============================================  
INTERNET SECURITY AUDITORS ALERT 2010-009  
- Original release date: August 30th, 2010  
- Last revised: September 21st, 2010  
- Discovered by: Vicente Aguilera Diaz  
- Severity: 4.3/10 (CVSSv2 Base Scored)  
=============================================  
  
I. VULNERABILITY  
-------------------------  
Reflected XSS in the login process of the Atmail WebMail < v6.1.9  
  
II. BACKGROUND  
-------------------------  
Atmail allows users to access IMAP Mailboxes of any server of your  
choice. The software provides a comprehensive email-suite for  
accessing user mailboxes, and provides an inbuilt Calendar and  
Addressbook features. The WebMail Client of Atmail supports any  
existing IMAP server running under Unix/Linux or Windows systems.  
  
III. DESCRIPTION  
-------------------------  
Has been detected a reflected XSS vulnerability in the login process  
of the Atmail WebMail, that allows the execution of arbitrary  
HTML/script code to be executed in the context of the victim user's  
browser.  
  
The code injection is done through the "MailType" parameter, and can  
be exploited without a user account in the WebMail.  
  
Moreover, the login request may be made by the HTTP GET method (by  
default, HTTP POST method is used), so this facilitates the  
exploitation of the vulnerability.  
  
IV. PROOF OF CONCEPT  
-------------------------  
=== Original request:  
POST /index.php/mail/auth/processlogin HTTP/1.1  
Host: <atmail_host>  
...  
  
emailName=<emailName>&emailDomain=<emailDomain>&cssStyle=original&email=<email>password=<password>&requestedServer=&MailType=IMAP  
  
=== Malicious request - Example 1:  
POST /index.php/mail/auth/processlogin HTTP/1.1  
Host: <atmail_host>  
...  
  
emailName=<emailName>&emailDomain=<emailDomain>&cssStyle=original&email=<email>password=<password>&requestedServer=&MailType=<script>alert(document.cookie);</script>  
  
=== Malicious request - Example 2:  
GET  
/index.php/mail/auth/processlogin?emailName=<emailName>&emailDomain=<emailDomain>&cssStyle=original&email=<email>password=<password>&requestedServer=&MailType=<script>alert(document.cookie);</script>  
HTTP/1.1  
  
V. BUSINESS IMPACT  
-------------------------  
An attacker can execute arbitrary HTML or script code in a targeted  
user's browser, this can leverage to steal sensitive information as  
user credentials, personal data, etc.  
  
VI. SYSTEMS AFFECTED  
-------------------------  
Tested in Atmail 6.1.9. Other versions may be affected too.  
  
VII. SOLUTION  
-------------------------  
Upgrade to version 6.2.0  
  
VIII. REFERENCES  
-------------------------  
http://www.atmail.com  
http://www.isecauditors.com  
  
IX. CREDITS  
-------------------------  
This vulnerability has been discovered  
by Vicente Aguilera Diaz (vaguilera (at) isecauditors (dot) com).  
  
X. REVISION HISTORY  
-------------------------  
August 30, 2010: Initial release  
September 21, 2010: Last revision  
  
XI. DISCLOSURE TIMELINE  
-------------------------  
August 30, 2010: Discovered by Internet Security Auditors  
August 31, 2010: Atmail contacted including PoC.  
Response about the scheduled correction.  
September 2, 2010: Published version 6.2.0 that includes this patch.  
September 21, 2010: Advisory sent to public lists.  
  
XII. LEGAL NOTICES  
-------------------------  
The information contained within this advisory is supplied "as-is"  
with no warranties or guarantees of fitness of use or otherwise.  
Internet Security Auditors accepts no responsibility for any damage  
caused by the use or misuse of this information.  
  
XIII. ABOUT  
-------------------------  
Internet Security Auditors is a Spain based leader in web application  
testing, network security, penetration testing, security compliance  
implementation and assessing. Our clients include some of the largest  
companies in areas such as finance, telecommunications, insurance,  
ITC, etc. We are vendor independent provider with a deep expertise  
since 2001. Our efforts in R&D include vulnerability research, open  
security project collaboration and whitepapers, presentations and  
security events participation and promotion. For further information  
regarding our security services, contact us.  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
21 Sep 2010 00:00Current
7.4High risk
Vulners AI Score7.4
atmail webmailxssvulnerabilitylogin processsecurity auditcross site scriptingversion 6.1.9http getversion 6.2.0vicente aguilera diaz
27