exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Ability_mail_server_1.18.txt

Ability_mail_server_1.18.txt
Posted Jul 12, 2004
Authored by Dr. Insane | Site members.lycos.co.uk

Ability Mail Server 1.x is susceptible to a cross site scripting flaw and a denial of service vulnerability.

tags | advisory, denial of service, xss
SHA-256 | 1f7f8a8d03be95cfa388c5d59de178d57af5d4318ec74a2eddbfaedf6efac7e8

Ability_mail_server_1.18.txt

Change Mirror Download
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ Ability Mail server 1.18 Dos attack and Css Vulnerabilities+
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Date: 11/07/2004


Severity:
Low

Systems Affected:
Microsoft Windows NT 4.0 (all versions)
Microsoft Windows 2000 (SP3 and earlier)
Microsoft Windows XP (all versions)
windows 9x

Description:
"Ability Mail Server has been designed to be small, fast, reliable, advanced and very feature rich.
This easy to use mail server supports SMTP, POP3, IMAP4, WebMail, Remote Admin, Virus Protection and
much more."
Two vulnerabilities have been identified in Ability mail server 1.18 that may allow a malicious user
to get access to a remote sustem or cause a Dos attack.

1 - The first vulnerability is an Xss attack. Input passed to "errormsg" parameter isn't properly sanitised
before being returned to users.This can be exploited to execute arbitrary HTML and script code in a user's
browser session in contextof a vulnerable site by tricking the user into visiting a malicious website or
follow a specially crafted link.

example: http://127.0.0.1:8000/_error?id=[id]&errormsg=[exploit_code]
example: http://127.0.0.1:8000/_error?id=[id]&errormsg=<script>alert(document.cookie)</script>

2 - The second vulnerability is a denial of service condition. By establishing about 150-200 connections
with three services at the same time CPU usage will hit 100% and the system will stop offering any services.

example: Try to establish at the same time 150-200 connection with Webmail service(8000),
admin service(8880) and SMTP service (25).

Workaround:
Use another product.


Credit:
Dr_insane
Http://members.lycos.co.uk/r34ct/


Feedback
Please send your comments to: dr_insane@pathfinder.gr
Login or Register to add favorites

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    0 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close