IceWarp WebMail 11.4.4.1

# Title: IceWarp WebMail 11.4.4.1 - Reflected Cross-Site Scripting
# Author: Lutfu Mert Ceylan
# Vendor Homepage: www.icewarp.com
# Tested on: Windows 10
# Versions: 11.4.4.1 and before
# Vulnerable Parameter: "color" (GET method)
# Google Dork: inurl:/webmail/ intext:Powered by IceWarp Server
# CVE: CVE-2020-8512

# Notes:

# The "color" parameter of the IceWarp WebMail sign-in page (11.4.4.1 and
# before) is reflected into the response without encoding, so an attacker
# can craft a link that delivers a malicious script to an unsuspecting admin
# or user. The browser has no way to know that the script should not be
# trusted and executes it as if it came from the webmail origin. The script
# can therefore read any cookies (unless marked HttpOnly), session tokens or
# other sensitive information the browser holds for that site, and it can
# rewrite the content of the page, for example to inject a fake login field
# as part of a social-engineering attack.

# PoC:

# Go to the sign-in page through this path: http://localhost/webmail/ or
http://localhost:32000/webmail/

# Add the "color" parameter to the URL and write malicious code, for example:
http://localhost/webmail/?color="><svg/onload=alert(1)>

# The leading "> closes the attribute value and the tag into which the
# parameter is reflected; the injected <svg> element's onload handler then
# runs as soon as the browser parses it. When the user opens the URL, the
# malicious code is executed.

Example Vulnerable URL: http://localhost/webmail/?color="><svg/onload=alert(1)>
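Added example, not taken from the advisory or from IceWarp's code: a stand-in for the vulnerable reflection beside a hardened version, plus a parser-based check that shows whether the advisory's payload ends up as a live event handler. The advisory does not show where IceWarp writes the "color" value into the page, so the template below is an assumption that it lands inside a double-quoted attribute (which is the context a payload opening with "> is built to escape); the allowlist regex for valid colour names is likewise an assumption.

```python
import html
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlparse

# Payload and URL shape from the advisory. Written unencoded as on the page;
# a browser would percent-encode " < > = itself, and parse_qs decodes both.
PAYLOAD = '"><svg/onload=alert(1)>'
POC_URL = "http://localhost/webmail/?color=" + PAYLOAD

# Hypothetical page template (assumption for illustration, not IceWarp's
# markup): the parameter lands inside a double-quoted attribute value.
TEMPLATE = ('<body><input type="hidden" name="color" value="{color}">'
            '<div id="login"></div></body>')


def color_from_url(url: str) -> str:
    """Return the raw 'color' query value ('' if absent), first value wins."""
    query = parse_qs(urlparse(url).query, keep_blank_values=True)
    return query.get("color", [""])[0]


def render_vulnerable(color: str) -> str:
    """Reflects the parameter verbatim: the payload's first " closes the attribute."""
    return TEMPLATE.replace("{color}", color)


def render_escaped_only(color: str) -> str:
    """Attribute-encoding alone is sufficient for a quoted-attribute context."""
    return TEMPLATE.replace("{color}", html.escape(color, quote=True))


# Allowlist of legitimate values (assumption: a lowercase theme name or a
# hex colour); adjust to the application's real set of themes.
COLOR_RE = re.compile(r"[a-z]{1,20}|#[0-9a-fA-F]{6}")


def validate_color(color: str, default: str = "default") -> str:
    """Defence in depth: anything outside the allowlist falls back to a default."""
    return color if COLOR_RE.fullmatch(color) else default


def render_hardened(color: str) -> str:
    """Allowlist, then encode for the attribute context (quote=True maps " to &quot;)."""
    return TEMPLATE.replace("{color}", html.escape(validate_color(color), quote=True))


class HandlerFinder(HTMLParser):
    """Records every on* attribute a browser would treat as an event handler."""

    def __init__(self) -> None:
        super().__init__()
        self.handlers: list[tuple[str, str, str]] = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name.lower().startswith("on"):
                self.handlers.append((tag, name, value or ""))


def injected_handlers(page: str) -> list[tuple[str, str, str]]:
    """Parse a rendered page and list event handlers; [] means the payload stayed inert."""
    finder = HandlerFinder()
    finder.feed(page)
    finder.close()
    return finder.handlers


if __name__ == "__main__":
    color = color_from_url(POC_URL)
    print("vulnerable  :", injected_handlers(render_vulnerable(color)))
    print("escaped only:", injected_handlers(render_escaped_only(color)))
    print("hardened    :", injected_handlers(render_hardened(color)))
```

The same parser check works as a regression test against a real response: fetch the page with the payload in the parameter and assert that `injected_handlers()` returns an empty list. Note that encoding must match the sink; `html.escape` is correct for a quoted attribute value, but a parameter reflected into a `style` block, a URL, or inline JavaScript needs a different encoder, and the allowlist is what saves you when the sink is not what you assumed.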
<font></font>
#  0day.today [2020-02-03]  #
