2 matches found
Ability Mail Server 2013 -Persistent Cross-Site Scripting / Cross-Site Request Forgery (Password Reset)
On one machine Windows Server 2003, install a new instance of AMS with these configurations 1. Primary Domain: hack.local 2. Enable the WebMail Service 3. Domain Name: hack.local 4. Add a User and set Password. In this case I created a user named, victim, with a password of victim 5. Finish...
Ability Mail Server 2013 3.1.1 - Web UI Persistent Cross-Site Scripting
!/usr/bin/env python ''' Exploit Title: Ability Mail Server 2013 Stored XSS Date: 12/20/2013 Exploit Author: David Um Vendor Homepage: http://www.code-crafters.com/ Software Link: http://download.code-crafters.com/ams.exe Version: 3.1.1 Tested on: Windows Server 2003 SP2 CVE : CVE-2013-6162...