5 matches found
winmail邮件系统存储型跨站
简要描述: winmail最近刚刚升级为最新版本,但系统存在一处XSS漏洞,利用该漏洞,我们可以盗取任意用户邮件内容和COOKIE信息,以及进行一些其他恶意操作。 详细说明: 1、涉及版本:Winmail Mail Server5.5 2、winmail邮件系统对发件人字段进行了过滤,但是在回复邮件时,系统会重新读取发件人,系统重新读取后,并没有对发件人字段进行过滤,导致存储型XSS的触发。 3、系统演示站点:http://demo.magicwinmail.com:6080/ 漏洞证明: 1、登录系统--》配置箱--》使用偏好,将发件人名字改为...
Winmail Mail Server 2.3 - Remote Format String Exploit
No description provided by source...
Winmail Mail Server Information Disclosure
Three scripts that come with the installed Winmail Server chgpwd.php, domain.php and user.php allow a remote attacker to disclose sensitive information about the remote host. SPDX-FileCopyrightText: 2004 Noam Rathaus Some text descriptions might be excerpted from a referenced sources, and are...
Winmail Mail Server 2.3 Remote Format String Exploit
Exploit for unknown platform in category remote exploits ==================================================== Winmail Mail Server 2.3 Remote Format String Exploit ==================================================== / Magic Winmail Server 2.3Build 0402 Remote Format string exploit. Coded by Threa...
Winmail Mail Server 2.3 Build 0402 - Remote Format String
/ Magic Winmail Server 2.3Build 0402 Remote Format string exploit. Coded by ThreaT. This one take advantage of a format bug in the SMTP protocol smtp port + The command to execute cannot exceed 90 characters + compile : cl.exe mwmxploit.c /w / include include pragma comment lib,"wsock32.lib" void...